
CVE-2018-13450: Dolibarr SQL injection vulnerability in product/card.php

CVSS Score: 9.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.57661%
Published: 5/14/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: dolibarr/dolibarr
Ecosystem: composer
Vulnerable Versions: = 7.0.3
First Patched Version: 7.0.4

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from unsanitized use of the 'status_batch' parameter in product/card.php. The commit diff shows the parameter was previously retrieved with GETPOST('status_batch') without validation, then patched to GETPOST('status_batch','aZ09') so that only characters in that whitelist are accepted. Because the vulnerable version applied no input filtering, an attacker-controlled value of this parameter reached the SQL layer unchanged, allowing arbitrary SQL injection. Other changes in test_sql_and_script_inject() and select_thirdparty_list() improve general SQLi protection but are not directly tied to the CVE's root cause.
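To make the root cause concrete, here is an added illustration (not Dolibarr's own code) of the two parameter-handling patterns described above: the unfiltered form beside a whitelisted, parameterised form. getpost_aZ09() is a hypothetical stand-in for GETPOST($name, 'aZ09'), the llx_product/tobatch table and column names are assumptions, and the exact character set of Dolibarr's real 'aZ09' filter is not reproduced here.

```php
<?php
// Added illustration, not Dolibarr code. getpost_aZ09() approximates the
// 'aZ09' whitelist the patch introduced; table/column names are assumed.

/** Return the request parameter only if it is letters, digits or '_'. */
function getpost_aZ09(array $request, string $name): string
{
    $value = (string) ($request[$name] ?? '');
    // Anything outside the whitelist is dropped entirely (empty string),
    // so quotes, spaces, semicolons and comment markers never reach SQL.
    return preg_match('/^[A-Za-z0-9_]*$/', $value) === 1 ? $value : '';
}

/** Vulnerable pattern: raw request value concatenated into the query. */
function build_update_unfiltered(array $request, int $productId): string
{
    $status = (string) ($request['status_batch'] ?? '');
    return 'UPDATE llx_product SET tobatch = ' . $status
         . ' WHERE rowid = ' . $productId;
}

/** Hardened pattern: whitelist filter, then a parameterised statement. */
function update_status_batch_safe(PDO $db, array $request, int $productId): bool
{
    $status = getpost_aZ09($request, 'status_batch');
    // The flag is expected to be a small integer; reject everything else,
    // including the empty string the filter returns for rejected input.
    if (preg_match('/^[0-9]+$/', $status) !== 1) {
        return false;
    }
    $stmt = $db->prepare(
        'UPDATE llx_product SET tobatch = :status WHERE rowid = :id'
    );
    return $stmt->execute([':status' => (int) $status, ':id' => $productId]);
}

// Constructed sample request: a value containing characters the whitelist
// rejects. The unfiltered builder passes it straight into the SQL text,
// while the filtered accessor returns '' and the safe updater refuses it.
$request = ['status_batch' => '1 OR 1=1'];

echo build_update_unfiltered($request, 42), PHP_EOL;
var_dump(getpost_aZ09($request, 'status_batch'));
var_dump(getpost_aZ09(['status_batch' => '1'], 'status_batch'));
```

The whitelist alone stops the injection shown here, but the parameterised statement is what makes the query safe regardless of how the value was validated upstream.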


WAF Protection Rules

WAF Rule

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
