huntr Khanhchauminh 76F3B405-9F5D-44B1-8434-B52B56EE395F
Jan 28, 2022 - 9:16 a.m.

Business Logic Errors in dolibarr/dolibarr

2022-01-28 09:16:27
khanhchauminh
www.huntr.dev
9
dolibarr
business logic errors
weight
length
width
height
area
volume
negative numbers
product
bug bounty

EPSS

0.001

Percentile

21.4%

Description

Dolibarr is vulnerable to Business Logic Errors in the Weight, Length x Width x Height, Area, Volume fields of a Product, since these values can be negative numbers.

Proof of Concept

1. After login, in the top menu bar, click Products.
2. In the left menu bar, click List to view the list of products.
3. Click any product to go to the product details.
4. In the product details, click the MODIFY button.
5. In the Weight, Length x Width x Height, Area, Volume fields, enter negative values and click the SAVE button.

Impact

This vulnerability allows illogical values to be saved in the Weight, Length x Width x Height, Area, Volume fields of a Product.
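
One way to close this gap is a server-side check that refuses the update when any measurement is negative or not a plain number. The PHP below is an added example, not code from the report or from Dolibarr; the function name, field keys, digit limits and sample submission are assumptions made for illustration, and it accepts dot-decimal input only.

```php
<?php
declare(strict_types=1);

// Field keys follow the labels in the report; they are assumptions,
// not Dolibarr's actual form parameter names.
const MEASURE_FIELDS = ['weight', 'length', 'width', 'height', 'area', 'volume'];

/**
 * Hypothetical helper: validate the measurements submitted from a product
 * edit form. Returns [clean values, errors keyed by field].
 */
function validate_product_measures(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (MEASURE_FIELDS as $field) {
        $raw = $input[$field] ?? '';
        if (!is_string($raw)) {               // e.g. weight[]=1 arrives as an array
            $errors[$field] = 'must be a single value';
            continue;
        }
        $raw = trim($raw);
        if ($raw === '') {                    // left blank: measurement not set
            $clean[$field] = null;
            continue;
        }
        // Unsigned, bounded decimal only: rejects "-5", "1e3", "0x1A", "NaN".
        if (!preg_match('/^\d{1,12}(\.\d{1,6})?$/D', $raw)) {
            $errors[$field] = 'must be a non-negative decimal number';
            continue;
        }
        $clean[$field] = (float) $raw;
    }
    return [$clean, $errors];
}

// Constructed sample submission mirroring step 5 of the proof of concept.
$post = ['weight' => '-5', 'length' => '10', 'width' => '2.5',
         'height' => '1e3', 'area' => '', 'volume' => '-0.1'];

[$clean, $errors] = validate_product_measures($post);
if ($errors) {
    // Refuse the whole update so a partially valid record is never saved.
    foreach ($errors as $field => $message) {
        echo "$field: $message\n";
    }
} else {
    var_dump($clean);
}
```

With the sample submission, `weight`, `height` and `volume` are reported as invalid and nothing is saved. The same rule belongs on every path that writes these fields (API and import as well as the form), since a check in the edit page alone can be bypassed.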
