Miggo Logo

CVE-2022-0731: Improper Authorization in dolibarr/dolibarr

6.5

CVSS Score
3.1

Basic Information

EPSS Score
0.16972%
Published
2/24/2022
Updated
1/28/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
dolibarr/dolibarrcomposer< 16.016.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the dol_check_secure_access_document function's handling of the 'userphoto' modulepart. Before patching, it granted unconditional access ($accessallowed = 1) to user photos without validating the file path structure. Attackers could bypass authorization by manipulating the file parameter to access arbitrary files in user directories. The patch added a regex check (preg_match('/^\d+/photos//') to enforce proper path structure, confirming the original vulnerability existed in this authorization check logic. Other file modifications were secondary path construction fixes that depended on this core authorization vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*oli**rr *llows improp*r ****ss *ontrol issu*s in t** us*rp*oto mo*ul*p*rt. T** imp**t *oul* l*** to **t* *xposur* *s t** *tt***** *il*s *n* *o*um*nts m*y *ont*in s*nsitiv* in*orm*tion o* r*l*v*nt p*rti*s su** *s *ont**ts, suppli*rs, invoi**s, or**rs

Reasoning

T** vuln*r**ility st*ms *rom t** *ol_****k_s**ur*_****ss_*o*um*nt *un*tion's **n*lin* o* t** 'us*rp*oto' mo*ul*p*rt. ***or* p*t**in*, it *r*nt** un*on*ition*l ****ss ($****ss*llow** = *) to us*r p*otos wit*out v*li**tin* t** *il* p*t* stru*tur*. *tt*