This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: A critical SQL Injection (SQLi) flaw in Dolibarr ERP/CRM. **Consequences**: Attackers can bypass security controls to extract **ALL** data from the database. …
**CWE**: CWE-89 (SQL Injection). **Flaw**: The `/dolibarr/admin/dict.php` endpoint fails to sanitize the `sortorder` and `sortfield` parameters. …
**Vendor**: Dolibarr Foundation. **Product**: Dolibarr ERP/CRM. **Affected Version**: Specifically **v9.0.1**. **Scope**: Any instance running this version without patches is vulnerable.
Q4: What can hackers do? (Privileges/Data)
**Privileges**: No authentication required (PR:N). **Data Access**: High (C:H). Attackers can read **all** stored information. **Targets**: Products, stock levels, invoices, and customer orders. …
**Threshold**: LOW. **Auth**: None required (publicly exploitable). **Config**: No special settings needed. **Vector**: Network-accessible (AV:N). Anyone with internet access to the server can exploit it.
Q6: Is there a public exploit? (PoC/Wild Exploitation)
**PoC**: Not explicitly listed in the provided data (pocs: []). **Wild Exploit**: Likely exists given the low complexity (AC:L) and lack of auth. **Ref**: Incibe CERT advisory confirms the vulnerability exists.
Q7: How to self-check? (Features/Scanning)
**Check**: Scan for `/dolibarr/admin/dict.php`. **Test**: Inject SQL payloads into `sortorder` or `sortfield` parameters. **Result**: Look for database errors or unexpected data returns in the response. …
**Workaround**: If patching is delayed, restrict access to `/dolibarr/admin/dict.php` via WAF or firewall rules. **Block**: Prevent direct external access to the admin dictionary endpoint. …