
CVE-2017-9435: Dolibarr ERP and CRM SQLi

CVSS Score (v3.0): 9.8

Basic Information

EPSS Score: 0.55449%
Published: 5/17/2022
Updated: 7/27/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: dolibarr/dolibarr
Ecosystem: composer
Vulnerable Versions: < 5.0.3
First Patched Version: 5.0.3

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper input sanitization of the search_statut and search_supervisor parameters in user/index.php. The commit diff shows:

  1. The parameters were originally retrieved with GETPOST using the 'alpha' filter, which lets special characters through
  2. SQL queries embedded these parameters directly, without any escaping
  3. The patch changes the filter to 'intcomma' and adds $db->escape() calls
  4. The CWE-89 classification and the NVD description both indicate SQL injection via these parameters
  5. The vulnerable pattern matches classic SQL injection through unsanitized user input in SQL WHERE clauses
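
To make the before/after pattern in the analysis concrete, an added PHP sketch (not Dolibarr's code and not from this page): filter_param() and db_escape() are simplified stand-ins for GETPOST's 'alpha'/'intcomma' filters and $db->escape(), and the WHERE-clause shape is an assumption.

```php
<?php
// Added illustration, not Dolibarr's code. filter_param() stands in for the
// two GETPOST filter modes named in the analysis, db_escape() for
// $db->escape(); both are simplified assumptions, as is the WHERE shape.

// Assumed 'alpha': trims only, so quotes and SQL metacharacters pass through.
// Assumed 'intcomma': accepts only a comma-separated list of integers and
// reduces anything else to the empty string.
function filter_param(string $value, string $mode): string
{
    $value = trim($value);
    if ($mode === 'intcomma') {
        return preg_match('/^-?\d+(,-?\d+)*$/', $value) ? $value : '';
    }
    return $value;
}

// Stand-in for $db->escape(): backslash-escapes quotes and backslashes.
// (mysqli_real_escape_string needs a live connection; addslashes is used
// here only so the sketch runs offline.)
function db_escape(string $s): string
{
    return addslashes($s);
}

// Before the fix: 'alpha' filter and raw interpolation into the WHERE clause.
function build_where_vulnerable(array $get): string
{
    $statut = filter_param($get['search_statut'] ?? '', 'alpha');
    return $statut === '' ? '' : " AND u.statut = '" . $statut . "'";
}

// After the fix: 'intcomma' filter, then $db->escape() on what survives.
function build_where_fixed(array $get): string
{
    $statut = filter_param($get['search_statut'] ?? '', 'intcomma');
    return $statut === '' ? '' : " AND u.statut = '" . db_escape($statut) . "'";
}

// Constructed inputs: a normal status id, and a value carrying a quote that
// closes the string literal early in the vulnerable version.
foreach (['1', "1' x"] as $input) {
    $get = ['search_statut' => $input];
    printf("input %-6s vulnerable:%s\n", var_export($input, true),
           build_where_vulnerable($get) ?: ' (no filter)');
    printf("input %-6s fixed     :%s\n", var_export($input, true),
           build_where_fixed($get) ?: ' (no filter)');
}
```

For the quoted input the vulnerable builder emits a WHERE fragment whose string literal ends after the 1, while the fixed builder drops the condition entirely because 'intcomma' rejects the value before it reaches the query.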

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).

Reasoning

The vulnerability stems from improper input sanitization of search_statut and search_supervisor parameters in user/index.php. The commit diff shows: 1. Parameters were originally retrieved with GETPOST using 'alpha' filter which allows special charac