Miggo Logo
Miggo Vulnerability Database
CVE-2018-10094

CVE-2018-10094: Dolibarr SQL injection vulnerability

9.8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-10094
GHSA ID
GHSA-57wj-22w9-wm9r
EPSS Score
0.98772%
CWE
CWE-89
Published
5/14/2022
Updated
4/24/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
dolibarr/dolibarrcomposer< 7.0.27.0.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper input validation in the 'statut' parameter handling. The commit diff shows a critical change from using GETPOST with 'alpha' filter to 'intcomma' filter for this parameter. The 'alpha' filter allows alphabetical characters but doesn't properly sanitize integer inputs, leaving SQL queries vulnerable to injection when parameters aren't quoted. Advisory details confirm the attack vector involves integer parameters without quotes, and the patch specifically addresses this by using a numeric filter type ('intcomma'), which validates comma-separated integers. This directly points to the GETPOST function with improper filtering as the vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

SQL inj**tion vuln*r**ility in *oli**rr ***or* *.*.* *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry SQL *omm*n*s vi* v**tors involvin* int***r p*r*m*t*rs wit*out quot*s.

Reasoning

T** vuln*r**ility st*ms *rom improp*r input v*li**tion in t** 'st*tut' p*r*m*t*r **n*lin*. T** *ommit *i** s*ows * *riti**l ***n** *rom usin* `**TPOST` wit* '*lp**' *ilt*r to 'int*omm*' *ilt*r *or t*is p*r*m*t*r. T** '*lp**' *ilt*r *llows *lp****ti**