Business Logic Errors in dolibarr/dolibarr

Valid

Reported on

Jan 28th 2022


Description

Dolibarr is vulnerable to a business logic error in the Weight, Length x Width x Height, Area and Volume fields of a Product: these fields accept negative numbers.

Proof of Concept

1. After logging in, click Products in the top menu bar.
2. In the left menu bar, click List to view the list of products.
3. Click any product to go to the product details.
4. In the product details, click the MODIFY button.
5. In the Weight, Length x Width x Height, Area and Volume fields, enter negative values and click the SAVE button.

Impact

This vulnerability allows illogical (negative) values to be saved in the Weight, Length x Width x Height, Area and Volume fields of a Product.
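A server-side check that would reject the input from step 5 of the proof of concept, as an added example that is not Dolibarr's code and not the fix in commit 37fb02. The function name and the field keys are hypothetical and simply mirror the form labels named in this report.

```php
<?php
// Added example: hypothetical helper, not Dolibarr code.
// Field keys are assumptions that mirror the form labels in the report.
const MEASURE_FIELDS = ['weight', 'length', 'width', 'height', 'area', 'volume'];

/**
 * Validate product measurements on the server, independent of any client-side checks.
 * Returns [clean, errors]: clean maps field => float|null, errors maps field => message.
 */
function validate_measures(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (MEASURE_FIELDS as $field) {
        $value = $input[$field] ?? '';
        // Non-scalar input (e.g. weight[]=1) becomes a marker that fails the pattern below.
        $raw = is_scalar($value) ? trim((string) $value) : '?';
        if ($raw === '') {
            $clean[$field] = null;   // measurement is optional: keep it as "not set"
            continue;
        }
        // Accept only plain decimals ("12", "12.5", "12,5"). Signs, exponents ("1e3"),
        // hex, "NaN" and "INF" are rejected before any numeric conversion happens.
        if (!preg_match('/^\d+(?:[.,]\d+)?$/D', $raw)) {
            $errors[$field] = "$field must be a non-negative number";
            continue;
        }
        $clean[$field] = (float) str_replace(',', '.', $raw);
    }
    return [$clean, $errors];
}

// Constructed sample submission, similar to step 5 of the proof of concept.
$post = ['weight' => '-5', 'length' => '10', 'width' => '2,5',
         'height' => '', 'area' => '1e3', 'volume' => '-0.01'];

[$clean, $errors] = validate_measures($post);
if ($errors) {
    // Refuse the whole save so that no partial update reaches the database.
    foreach ($errors as $field => $msg) {
        echo "rejected: $msg (got " . var_export($post[$field], true) . ")\n";
    }
} else {
    var_dump($clean);
}
```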

We are processing your report and will contact the dolibarr team within 24 hours. a year ago
We have contacted a member of the dolibarr team and are waiting to hear back a year ago
Laurent Destailleur validated this vulnerability a year ago
KhanhCM has been awarded the disclosure bounty
The fix bounty is now up for grabs
Laurent Destailleur marked this as fixed in 16.0 with commit 37fb02 a year ago
Laurent Destailleur has been awarded the fix bounty
This vulnerability will not receive a CVE