Business Logic Errors in dolibarr/dolibarr

Valid

Reported on

Jan 28th 2022


Description

Dolibarr is vulnerable to a business logic error: the Weight, Length x Width x Height, Area and Volume fields of a Product accept negative numbers.

Proof of Concept

1. After login, in the top menu bar, click Products.
2. In the left menu bar, click List to view the list of products.
3. Click any product to go to the product details.
4. In the product details, click the MODIFY button.
5. In the Weight, Length x Width x Height, Area, Volume fields, enter negative values and click the SAVE button.

Impact

This vulnerability allows illogical values to be stored in the Weight, Length x Width x Height, Area and Volume fields of a Product.
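
One way to enforce the missing check on the server side, shown as an added example that is not Dolibarr's code and not the merged fix. The field keys and function names are assumptions, and the sample submission is constructed.

```php
<?php
// Added example: field keys and helpers are hypothetical, not Dolibarr's API.

/** Physical-measure fields named in the report (keys are assumed form names). */
const MEASURE_FIELDS = ['weight', 'length', 'width', 'height', 'area', 'volume'];

/**
 * Validate one measure value as submitted by a form.
 * Returns [float|null $value, string|null $error]; empty input means "not set".
 */
function validate_measure(string $raw): array
{
    $raw = trim($raw);
    if ($raw === '') {
        return [null, null];               // optional field left blank
    }
    // Accept a decimal comma, then require a plain decimal:
    // no sign, no exponent, no hex, so "-5", "-1e3" and "0x1A" are all rejected.
    $normalized = str_replace(',', '.', $raw);
    if (!preg_match('/^\d+(\.\d+)?$/D', $normalized)) {
        return [null, 'must be a non-negative number'];
    }
    $value = (float) $normalized;
    if (!is_finite($value)) {              // absurdly long digit strings overflow to INF
        return [null, 'is out of range'];
    }
    return [$value, null];
}

/** Validate every measure field of a submitted form; returns field => error message. */
function validate_product_measures(array $post): array
{
    $errors = [];
    foreach (MEASURE_FIELDS as $field) {
        [, $error] = validate_measure((string) ($post[$field] ?? ''));
        if ($error !== null) {
            $errors[$field] = "$field $error";
        }
    }
    return $errors;
}

// Constructed sample submission: negative weight and volume, as in the proof of concept.
$post = ['weight' => '-5', 'length' => '10', 'width' => '2,5', 'height' => '', 'volume' => '-1e3'];
print_r(validate_product_measures($post));
```

The check belongs in the save handler rather than only in the form, since the request can be sent without the browser UI.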

We are processing your report and will contact the dolibarr team within 24 hours. 4 months ago
We have contacted a member of the dolibarr team and are waiting to hear back 4 months ago
Laurent Destailleur validated this vulnerability 4 months ago
KhanhCM has been awarded the disclosure bounty
The fix bounty is now up for grabs
Laurent Destailleur confirmed that a fix has been merged on 37fb02 4 months ago
Laurent Destailleur has been awarded the fix bounty