Business Logic Errors in dolibarr/dolibarr
Jan 9th 2022
The application does not check the price input, which leads to a business logic error through a negative price amount.
Proof of Concept
Go to Product and Services area
Create a new item or edit an existing one, and insert a negative amount into
Also in Billing and payment area and Donations area and maybe more
Business logic can have security flaws that allow a user to do something that isn't allowed by the business. Flaws in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality.
Except for donation, being able to enter a negative amount is the expected feature.
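A server-side sign check per amount field, following the reply above that a negative amount is expected everywhere except donations. This is an added example, not Dolibarr's code; the field names, the policy table and the 12-digit/2-decimal amount format are assumptions.

```php
<?php
// Added example, not Dolibarr code. Field names and limits are hypothetical.
declare(strict_types=1);

// Sign policy per amount field: true = a negative value is a legitimate input.
const AMOUNT_POLICY = [
    'donation_amount' => false, // a donation below zero has no business meaning
    'product_price'   => true,  // negative amounts are an expected feature
    'invoice_line'    => true,  // assumed: credit or discount lines
];

/**
 * Validate a user-supplied amount on the server and return it as a
 * normalized decimal string. Throws InvalidArgumentException on rejection.
 */
function validate_amount(string $field, string $raw): string
{
    if (!array_key_exists($field, AMOUNT_POLICY)) {
        // Fail closed: a field without an explicit policy is never accepted.
        throw new InvalidArgumentException("unknown amount field: $field");
    }
    // Plain decimal only: optional sign, 1-12 integer digits, 0-2 decimals.
    // Rejects exponents ("1e3"), hex, thousands separators and empty input.
    if (!preg_match('/^([+-]?)(\d{1,12})(?:\.(\d{1,2}))?$/D', trim($raw), $m)) {
        throw new InvalidArgumentException("$field: not a valid amount");
    }
    $int = ltrim($m[2], '0');
    $int = ($int === '') ? '0' : $int;
    $frac = str_pad($m[3] ?? '', 2, '0');
    $isZero = ($int === '0' && $frac === '00');
    $negative = ($m[1] === '-' && !$isZero); // "-0.00" is treated as zero

    if ($negative && !AMOUNT_POLICY[$field]) {
        throw new InvalidArgumentException("$field: negative amount not allowed");
    }
    return ($negative ? '-' : '') . $int . '.' . $frac;
}

// Constructed sample inputs.
$samples = [['donation_amount', '25'], ['donation_amount', '-25'],
            ['product_price', '-9.5'], ['invoice_line', '1e3']];
foreach ($samples as [$field, $raw]) {
    try {
        $result = validate_amount($field, $raw);
    } catch (InvalidArgumentException $e) {
        $result = 'rejected (' . $e->getMessage() . ')';
    }
    echo "$field $raw -> $result", PHP_EOL;
}
```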