Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

Valid

Reported on

Jul 21st 2021


✍️ Description

CSRF bug to delete product variants

🕵️‍♂️ Proof of Concept

Here the application does not check the token parameter for CSRF: you can remove the token parameter from the URL entirely. The request below is vulnerable to a CSRF attack when deleting product variants.
https://demo.dolibarr.org/variants/combinations.php?id=476&valueid=93&action=confirm_deletecombination&confirm=yes&delete_product=
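The following is an added illustrative example, not Dolibarr's own code, showing the check the report says is missing: a state-changing action such as `confirm_deletecombination` must carry a token matching the session, and a request that simply omits the `token` parameter is rejected rather than waved through. The helper names and the `csrf_token` session key are assumptions; the sample requests are constructed from the reported URL.

```php
<?php
// Added illustrative example (not Dolibarr's own code): anti-CSRF token
// enforcement for state-changing requests like the combinations.php delete
// action. The request and session are plain arrays so it runs from the CLI.
declare(strict_types=1);

/** Actions that change state and therefore need a valid anti-CSRF token. */
const STATE_CHANGING_ACTIONS = ['confirm_deletecombination', 'delete', 'update', 'add'];

/** Create a fresh per-session token and store it (hypothetical helper). */
function issueToken(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/**
 * Allow a request only if it is read-only, or if its token matches the
 * session token. A missing token is a failure, not a skipped check: that
 * is the gap the report above describes.
 */
function isRequestAllowed(array $request, array $session): bool
{
    $action = $request['action'] ?? '';
    if ($action === '' || !in_array($action, STATE_CHANGING_ACTIONS, true)) {
        return true; // no state change requested
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = (string) ($request['token'] ?? '');
    if ($expected === '' || $supplied === '') {
        return false; // token absent on either side: reject
    }
    // Constant-time comparison so the token cannot be guessed byte by byte.
    return hash_equals($expected, $supplied);
}

// Constructed sample requests modelled on the reported URL.
$session = [];
$token = issueToken($session);
$withToken = ['id' => '476', 'valueid' => '93', 'action' => 'confirm_deletecombination',
              'confirm' => 'yes', 'token' => $token];
$tokenStripped = ['id' => '476', 'valueid' => '93', 'action' => 'confirm_deletecombination',
                  'confirm' => 'yes']; // token parameter removed, as in the PoC
$readOnly = ['id' => '476'];

foreach (['withToken' => $withToken, 'tokenStripped' => $tokenStripped, 'readOnly' => $readOnly] as $name => $req) {
    printf("%-14s allowed=%s\n", $name, isRequestAllowed($req, $session) ? 'yes' : 'no');
}
```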

💥 Impact

CSRF attack: a victim who is logged in can be made to delete product variants.

We have contacted a member of the dolibarr team and are waiting to hear back a year ago
ranjit-git modified the report
a year ago
ranjit-git modified the report
a year ago
Laurent Destailleur marked this as fixed with commit 7dfedd a year ago
Laurent Destailleur has been awarded the fix bounty
This vulnerability will not receive a CVE
main.inc.php#L463-L482 has been validated