CVE-2023-4198
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
Source: CVE-2023-4198
CVE-2023-4197
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
Source: CVE-2023-4197
CVE-2023-5516
Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive details. The website unintentionally reveals sensitive information, including technical details such as version info, endpoints, backend server and internal IP, which can potentially expose additional attack surface containing other interesting vulnerabilities.
Source: CVE-2023-5516
CVE-2023-5515
The responses for web queries with certain parameters disclose the internal path of resources. This information can be used to learn the internal structure of the application and to further plot attacks against web servers and deployed web applications.
Source: CVE-2023-5515
CVE-2023-2622
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low-privilege client is then allowed to read arbitrary files that they do not have authorization to read.
Source: CVE-2023-2622
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with a full file path can be abused for enumerating the local file system structure.
Source: CVE-2023-5514
CVE-2023-2621
The McFeeder server (distributed as part of the SSW package) is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to the McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder’s service endpoint.
Source: CVE-2023-2621
CVE-2023-5898
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Source: CVE-2023-5898
CVE-2023-5899
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Source: CVE-2023-5899
CVE-2023-5889
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Source: CVE-2023-5889