URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
BUSINESS LOGIC ERRORS IN DOLIBARR/DOLIBARR

Status: Valid

Reported on: Jan 28th 2022

--------------------------------------------------------------------------------


DESCRIPTION

Dolibarr is vulnerable to Business Logic Errors in the Weight, Length x Width x
Height, Area and Volume fields of a Product, because these fields accept
negative numbers.


PROOF OF CONCEPT

1. After login, in the top menu bar, click Products.
2. In the left menu bar, click List to view the list of products.
3. Click any product to go to the product details.
4. In the product details, click the MODIFY button.
5. In the Weight, Length x Width x Height, Area and Volume fields, enter negative
   values and click the SAVE button.


IMPACT

This vulnerability allows physically meaningless (negative) values to be stored
in the Weight, Length x Width x Height, Area and Volume fields of a Product,
since the application does not validate these fields on save.
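The fix for this class of bug is server-side validation of the physical-quantity fields on the product MODIFY form. The following is an added illustration, not Dolibarr's own code (Dolibarr is written in PHP; this is a language-neutral sketch in Python), and the form field names are constructed for the example rather than taken from Dolibarr.

```python
import math
from typing import Dict

# Product fields that represent physical quantities and can never be negative.
# These names are constructed for this example, not Dolibarr's real form names.
NON_NEGATIVE_FIELDS = ("weight", "length", "width", "height", "area", "volume")


def parse_decimal(raw: str) -> float:
    """Parse a user-submitted number, accepting a comma as decimal separator.

    Raises ValueError for anything that is not a finite number ('nan', 'inf',
    '-inf' and over-large exponents such as '1e400' are all rejected).
    """
    value = float(raw.strip().replace(",", "."))
    if not math.isfinite(value):
        raise ValueError("not a finite number")
    return value


def validate_product_dimensions(form: Dict[str, str]) -> Dict[str, str]:
    """Return a mapping of field -> error message; an empty dict means valid.

    An empty or missing field is treated as 'not provided' and is allowed;
    every provided field must parse to a finite, non-negative number.
    """
    errors: Dict[str, str] = {}
    for field in NON_NEGATIVE_FIELDS:
        raw = form.get(field, "")
        if raw.strip() == "":
            continue
        try:
            value = parse_decimal(raw)
        except ValueError:
            errors[field] = "must be a finite number"
            continue
        if value < 0:
            errors[field] = "must not be negative"
    return errors


if __name__ == "__main__":
    # Constructed submission mirroring step 5 of the proof of concept above.
    print(validate_product_dimensions({"weight": "-5", "length": "10", "width": "-2.5"}))
```

Such a check belongs on the server, since client-side constraints on the form can be bypassed.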

We are processing your report and will contact the dolibarr team within 24 hours. (a year ago)
We have contacted a member of the dolibarr team and are waiting to hear back. (a year ago)
Laurent Destailleur validated this vulnerability. (a year ago)
KhanhCM has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
Laurent Destailleur marked this as fixed in 16.0 with commit 37fb02. (a year ago)
Laurent Destailleur has been awarded the fix bounty.
This vulnerability will not receive a CVE.
CVE: CVE-2022-0414 (published)
Vulnerability Type: CWE-840: Business Logic Errors
Severity: Medium (4.1)
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: None
Visibility: Public
Status: Fixed

Found by

KhanhCM
@khanhchauminh
LIGHTWEIGHT


Fixed by

Laurent Destailleur
@eldy
UNPROVEN

This report was seen 748 times.

2022 © 418sec