Business Logic Errors in dolibarr/dolibarr

Valid

Reported on

Jan 9th 2022


Description

The application does not check the input of the price number, leading to a business logic error through a negative price amount.

Proof of Concept

  1. Go to Product and Services area htdocs/product/index.php

  2. Create a new or edit an item, insert a negative amount into Selling price field.

Also in the Billing and payment area and the Donations area, and maybe more.

Impact

Business logic can have security flaws that allow a user to do something that isn't allowed by the business; flaws in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality.
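A defensive counterpart to the report, as an added example that is not dolibarr's own code: a server-side amount validator with a per-context sign rule, so a negative selling price (which the maintainer's reply below treats as an expected feature) is accepted while a negative donation is rejected. The policy table, the `validate_amount` name and the context names are assumptions for illustration.

```php
<?php
// Added example (not dolibarr code): validate monetary input on the server,
// where a client-side form check can be bypassed. Each context declares
// whether a negative amount is legitimate for that business object.
declare(strict_types=1);

const AMOUNT_POLICY = [                       // assumed policy table
    'product_price' => ['allow_negative' => true],   // discounts, credits
    'invoice_line'  => ['allow_negative' => true],   // credit notes
    'donation'      => ['allow_negative' => false],  // never negative
];

/**
 * Parse a user-supplied amount and enforce the context policy.
 * Returns the amount normalised to two decimals, or throws.
 */
function validate_amount(string $raw, string $context): string
{
    if (!isset(AMOUNT_POLICY[$context])) {
        throw new InvalidArgumentException("unknown amount context: $context");
    }
    // Strip ordinary and non-breaking spaces, accept "," as decimal separator.
    $s = str_replace([' ', "\u{00A0}"], '', trim($raw));
    $s = str_replace(',', '.', $s);
    // Strict shape: optional sign, up to 13 integer digits, up to 2 decimals.
    // This rejects exponents ("1e3"), hex, thousands separators and empty input.
    if (!preg_match('/^-?\d{1,13}(\.\d{1,2})?$/', $s)) {
        throw new InvalidArgumentException("malformed amount: $raw");
    }
    $value = (float) $s;                      // "-0.00" parses as -0.0, which is not < 0
    if ($value < 0 && !AMOUNT_POLICY[$context]['allow_negative']) {
        throw new DomainException("negative amount not allowed for $context");
    }
    return number_format($value, 2, '.', '');
}

// Usage with constructed inputs: negative price accepted, negative donation
// and an exponent-form amount rejected.
foreach ([['-15,00', 'product_price'], ['-50', 'donation'], ['1e3', 'donation']] as [$raw, $ctx]) {
    try {
        echo "$ctx $raw -> " . validate_amount($raw, $ctx) . "\n";
    } catch (Exception $e) {
        echo "$ctx $raw -> rejected: " . $e->getMessage() . "\n";
    }
}
```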

We are processing your report and will contact the dolibarr team within 24 hours. 2 years ago
We have contacted a member of the dolibarr team and are waiting to hear back 2 years ago
Laurent (Maintainer) 2 years ago

Except for donation, being able to enter a negative amount is the expected feature.

Laurent Destailleur validated this vulnerability 2 years ago
laladee has been awarded the disclosure bounty
The fix bounty is now up for grabs
Laurent Destailleur marked this as fixed in develop with commit d89216 2 years ago
Laurent Destailleur has been awarded the fix bounty
This vulnerability will not receive a CVE
card.php#L148-L198 has been validated
card.php#L202-L259 has been validated
card.php#L182-L217 has been validated
card.php#L220-L248 has been validated
card.php#L341-L362 has been validated
card.php#L206-L317 has been validated
card.php#L509-L673 has been validated
card.php#L277-L506 has been validated