Unrestricted Access to Dolibarr ERP/CRM Template Files Allows Information Disclosure

CVE-2017-17898 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.