
CVE-2026-7688: Low Vulnerability in Dolibarr ERP CRM

A low-severity SQL injection vulnerability exists in Dolibarr ERP CRM up to version 23.0.2. Although an exploit is available, the attack is highly complex. Organizations should monitor for potential impacts and consider remediation options.

Severity: Low · CVSS 1.3 · Published May 3, 2026


A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. It affects the function _checkValForAPI in the file htdocs/expedition/class/expedition.class.php of the Shipments API Endpoint component. Manipulation of the argument fields leads to SQL injection. The attack can be carried out remotely, but a high degree of complexity is needed and exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

The severity level of this vulnerability is classified as low, with a CVSS score of 1.3. Despite the low severity, organizations should remain vigilant: the risk includes potential data compromise through SQL injection.

Given the exploit is publicly available, organizations are urged to assess their exposure and take appropriate measures to mitigate any potential risks. The complexity of the attack suggests a limited but present threat that should not be ignored.

Organizations should prioritize patching immediately to ensure that their systems remain secure from this vulnerability.

Vulnerability Details

This vulnerability allows for SQL injection in Dolibarr ERP CRM versions up to 23.0.2. The official CVE description indicates that the vulnerability affects the Shipments API Endpoint and involves manipulation of the argument fields. The CVSS 3.1 score is 5, which classifies it as medium severity. The attack is possible via the network, with high complexity and low privileges required.

Technical Analysis

The root cause of this vulnerability stems from improper validation of user input in the API function. Attackers may leverage this vulnerability to execute arbitrary SQL commands against the database. The attack vector is network-based, requiring no user interaction, and has a high complexity due to the need for specific input manipulation.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data stored within the Dolibarr ERP CRM database. While the exploit requires a high level of complexity, organizations should still assess their exposure and prioritize remediation. Given the low CVSS score and the absence of active exploitation in the wild, organizations may address this vulnerability in their routine maintenance.

Exploitation Status

Known Exploit: No
Public PoC: No
Actively Exploited: No
Ransomware Use: No

Affected Versions

All versions prior to vendor patch.

Mitigation & Remediation

Organizations should prioritize patching immediately. To remediate the vulnerability, upgrading to the latest version of Dolibarr ERP CRM is recommended. In case a patch is not immediately available, organizations should implement strict input validation on API endpoints, and consider hardening configurations.
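As an added illustration of the strict input validation recommended above (example code written for this page, not Dolibarr's own), the weak pattern of splicing a caller-supplied field list straight into SQL is shown beside a hardened builder that allow-lists field names. The table and column names are constructed for the demo and the handling of the `fields` argument is assumed, not taken from Dolibarr's source.

```python
import re
import sqlite3

# Columns the shipments listing may legitimately expose. Constructed for this
# example; a real deployment derives this from the table definition.
ALLOWED_FIELDS = {"rowid", "ref", "date_delivery", "fk_soc", "fk_statut"}

# Shape of a bare SQL identifier: letters, digits, underscore, no punctuation.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_query_unsafe(fields):
    # Weak pattern: the caller's field list is concatenated into the statement
    # as-is, so any character the caller supplies becomes part of the SQL.
    return "SELECT " + ", ".join(fields) + " FROM llx_expedition"


def validate_fields(fields):
    """Return the field list unchanged if every entry passes, else raise.

    Two checks: each name must look like an identifier (shape check) and must
    be one the endpoint is meant to expose (allow-list check). The shape check
    alone is not enough; the allow-list also blocks enumeration of columns the
    API never intended to return.
    """
    if not fields:
        raise ValueError("empty field list")
    for f in fields:
        if not IDENT_RE.match(f) or f not in ALLOWED_FIELDS:
            raise ValueError("rejected field name: %r" % f)
    return list(fields)


def build_query_safe(fields):
    # Identifiers cannot be bound as parameters, so allow-listing is the
    # control that matters; quoting them is defence in depth. Data values
    # (here the company id) are bound with a placeholder, never concatenated.
    cols = ", ".join('"%s"' % f for f in validate_fields(fields))
    return "SELECT %s FROM llx_expedition WHERE fk_soc = ?" % cols


def demo():
    # Constructed in-memory table standing in for the shipments table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE llx_expedition (rowid INTEGER, ref TEXT, "
                 "date_delivery TEXT, fk_soc INTEGER, fk_statut INTEGER)")
    conn.execute("INSERT INTO llx_expedition VALUES (1, 'SH2605-0001', '2026-05-03', 7, 1)")
    return conn.execute(build_query_safe(["ref", "date_delivery"]), (7,)).fetchall()
```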

Detection Guidance

Monitor logs for any unusual database queries. Look for patterns indicative of SQL injection attempts, and ensure that network signatures are updated to reflect potential threats.

AppSecure Threat Intelligence Insight

This vulnerability highlights ongoing challenges in secure coding practices, particularly around input validation. Security teams should review secure coding practices to prevent similar vulnerabilities. Additionally, the availability of exploits in the wild emphasizes the importance of timely vulnerability management. Consider engaging in penetration testing to identify and address potential weaknesses before they can be exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
