High severity7.5NVD Advisory· Published Dec 27, 2017· Updated May 13, 2026
CVE-2017-17898
CVE-2017-17898
Description
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dolibarr/dolibarrPackagist | < 6.0.5 | 6.0.5 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128cnvdPatchThird Party AdvisoryWEB
- github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35cnvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-jm38-vmgp-j7rxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-17898ghsaADVISORY
News mentions
0No linked articles in our index yet.