CVE-2023-4198 MEDIUM

CVE-2023-4198: Dolibarr ERP CRM (<= 17.0.3) Improper Access Control

Vendor Dolibarr
Product Dolibarr ERP CRM
Weakness CWE-862 · Missing authorization
Published November 1, 2023
Last update September 5, 2024
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data

Key dates

02Disclosure timeline

November 1, 2023 CVE published
September 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-67624 WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability CVE-2025-68048 WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability CVE-2024-33005 Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server CVE-2026-2900 Missing Authorization in GitLab CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated