Business Logic Errors in dolibarr/dolibarr
Valid
Reported on Jan 28th 2022
Description
Dolibarr is vulnerable to Business Logic Errors in the Weight, Length x Width x Height, Area, Volume fields of a Product since these values can be negative numbers.
Proof of Concept
1. After login, in the top menu bar, click Products.
2. In the left menu bar, click List to view the list of products.
3. Click any product to go to the product details.
4. In the product details, click the MODIFY button.
5. In the Weight, Length x Width x Height, Area, Volume fields, enter negative values and click the SAVE button.
Impact
This vulnerability allows illogical values to be saved in the Weight, Length x Width x Height, Area, Volume fields of a Product.
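One way to reject the values entered in step 5 on the server side, before the product is saved. This is an added example, not Dolibarr's code or the reporter's; the form keys, the function name and the sample submission are hypothetical, and it assumes the measurements are optional and that zero is an acceptable value.

```php
<?php
declare(strict_types=1);

// Hypothetical form keys for the fields named in the report (not Dolibarr's own).
const MEASUREMENT_FIELDS = ['weight', 'length', 'width', 'height', 'area', 'volume'];

/**
 * Validate a product's physical measurements before saving.
 * Returns [cleanValues, errors]; persist nothing when errors is non-empty.
 */
function validateMeasurements(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (MEASUREMENT_FIELDS as $field) {
        $raw = $input[$field] ?? '';
        if (!is_scalar($raw)) {              // e.g. weight[]=1 sent as an array
            $errors[$field] = 'must be a number';
            continue;
        }
        $raw = trim((string) $raw);
        if ($raw === '') {                   // assumption: measurements are optional
            $clean[$field] = null;
            continue;
        }
        // Accept a decimal comma, then require a plain bounded decimal
        // (no exponent, no hex, no thousands separators).
        $normalized = str_replace(',', '.', $raw);
        if (!preg_match('/^-?\d{1,12}(\.\d{1,6})?$/', $normalized)) {
            $errors[$field] = 'must be a number';
            continue;
        }
        $value = (float) $normalized;
        if ($value < 0) {                    // the check missing in the report
            $errors[$field] = 'must not be negative';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Constructed sample submission mirroring step 5 of the proof of concept.
$submitted = ['weight' => '-5', 'length' => '10', 'width' => '-2,5',
              'height' => '', 'area' => 'abc', 'volume' => '0'];
[$clean, $errors] = validateMeasurements($submitted);
foreach ($errors as $field => $message) {
    echo "$field: $message\n";
}
```

Running the check in the save handler rather than only in the form means a crafted request is rejected as well as a value typed into the browser.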
We are processing your report and will contact the dolibarr team within 24 hours.
a year ago
We have contacted a member of the dolibarr team and are waiting to hear back
a year ago