CVE-2017-14240

HIGH

Dolibarr ERP/CRM <6.0.0 - Info Disclosure

Title source: llm

There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.

Core 1

Core References

Patch, Third Party Advisory x_refsource_confirm

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 50.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200

Status published

Products (2)

dolibarr/dolibarr 6.0.0

dolibarr/dolibarr 0 - 6.0.1Packagist

Published Sep 11, 2017

Tracked Since Feb 18, 2026