A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2
The Dolibarr ERP CRM application has an authorization bypass vulnerability in its messaging function that allows an attacker to access sensitive data without proper authorization. The issue can be exploited remotely; a fix is available in version 23.0.3. Developers should prioritize updating to the latest version to prevent unauthorized access.
A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Manipulation of the argument ID leads to an authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is sufficient to fix this issue. The name of the patch is 119b3606c7a701747a57a1f18b1a9e7666f678e2. It is suggested to upgrade the affected component.
Developers running Dolibarr ERP CRM versions prior to 23.0.3 are exposed to authorization bypass attacks, rated a medium-severity risk.
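The advisory describes the classic shape of an object-level authorization bypass: a record ID supplied by the caller is honoured after only a login check. The following PHP snippet is an added illustration of that pattern and its fix; it is not Dolibarr's code, and the table, column and function names (`messages`, `owner_id`, `showMessageInsecure`, `showMessageSecure`) are assumptions made for this example. The sample data is constructed inline in an in-memory SQLite database so the script runs on its own.

```php
<?php
// Hypothetical message-viewing handler illustrating the vulnerability class
// described above: an ID parameter is looked up without checking that the
// caller is allowed to read that record. Not Dolibarr's code; all names are
// assumptions for this example.

declare(strict_types=1);

// --- Vulnerable pattern: any logged-in user can read any message by ID ---
function showMessageInsecure(PDO $db, int $currentUserId, int $id): ?array
{
    // By the time we get here only "is the caller logged in?" has been checked.
    $stmt = $db->prepare('SELECT id, owner_id, body FROM messages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The row is returned whatever its owner_id is, so $currentUserId is never consulted.
    return $row === false ? null : $row;
}

// --- Hardened pattern: object-level authorization on every lookup ---
function showMessageSecure(PDO $db, int $currentUserId, bool $isAdmin, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, owner_id, body FROM messages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such record
    }
    // Deny unless the record belongs to the caller or the caller is an admin.
    // Answering exactly as for a missing record avoids confirming that other
    // users' message IDs exist; the denial is logged for detection purposes.
    if (!$isAdmin && (int) $row['owner_id'] !== $currentUserId) {
        error_log(sprintf('authz denied: user %d requested message %d', $currentUserId, $id));
        return null;
    }
    return $row;
}

// --- Demo with constructed sample data in an in-memory SQLite database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, body TEXT NOT NULL)');
$db->exec("INSERT INTO messages VALUES (1, 10, 'hello from user 10'), (2, 20, 'private note of user 20')");

$callerId = 10; // user 10 is logged in and requests a record owned by user 20

// Insecure handler: hands user 10 the record that belongs to user 20.
var_dump(showMessageInsecure($db, $callerId, 2) !== null);
// Secure handler: refuses the foreign record but still serves the caller's own.
var_dump(showMessageSecure($db, $callerId, false, 2) !== null);
var_dump(showMessageSecure($db, $callerId, false, 1) !== null);
```

The design point is that the authorization decision is made next to the data access, using the record's own ownership column rather than anything the client supplies; a role flag such as `$isAdmin` should come from the server-side session, never from the request.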
What should I do?
Monitor & Review: low severity, keep this CVE on your radar and patch during routine maintenance.
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N