CVE-2022-30875 in Dolibarr
Summary
by MITRE • 06/08/2022
Dolibarr 12.0.5 is vulnerable to cross-site scripting (XSS) via the SQL error page.
Analysis
by VulDB Data Team • 06/11/2022
The vulnerability identified as CVE-2022-30875 affects Dolibarr version 12.0.5 and is a cross-site scripting flaw that manifests through the SQL error page. It falls under CWE-79 (Cross-site Scripting) and shows how an error-handling path becomes an attack vector when user input is rendered without sanitization. Dolibarr is an open-source ERP and CRM suite used by organizations for business management, which makes this flaw particularly concerning given the sensitive data such systems hold.
The technical flaw occurs when the application encounters a SQL error during processing and renders the error message in the web page without adequate output encoding or sanitization. When an attacker can place JavaScript or HTML markup into a query parameter that later appears in an error message, that script runs in the browser of whoever views the error page. The issue is aggravated by the fact that SQL error messages often carry the failing statement, including any user-supplied values it was built from, together with database structure details. The error page in Dolibarr 12.0.5 fails to escape this text before rendering it to the user interface.
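To make the flaw described above concrete, the following PHP snippet (an added example, not Dolibarr's own code) shows a database error string that carries a request parameter into the page, first concatenated raw and then passed through output encoding. The query text, the table name and the parameter value are constructed for illustration; `fake_db_error()` stands in for the real driver's error message.

```php
<?php
// Added example (not Dolibarr code): how a SQL error page reflects a
// user-supplied parameter, before and after output encoding. The query,
// the table name and the parameter value below are constructed.

declare(strict_types=1);

// Stand-in for the database layer: real driver errors (syntax errors in
// particular) commonly echo the failing statement back in their message.
function fake_db_error(string $sql): string
{
    return "You have an error in your SQL syntax near '" . $sql . "'";
}

// Vulnerable pattern: the raw error string, which still contains the
// unmodified request parameter, is concatenated straight into HTML.
function render_error_unsafe(string $dbError): string
{
    return '<div class="error">' . $dbError . '</div>';
}

// Hardened pattern: encode for the HTML body context before output.
// ENT_QUOTES also neutralises quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of silently returning an empty string.
function render_error_safe(string $dbError): string
{
    $encoded = htmlspecialchars($dbError, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="error">' . $encoded . '</div>';
}

// Constructed request parameter carrying HTML markup. The query built from
// it is malformed, fails, and the driver error string carries the markup.
$param = "1' <script>alert(1)</script>";
$sql   = "SELECT rowid FROM llx_societe WHERE rowid = '" . $param . "'";
$err   = fake_db_error($sql);

// Unsafe: the <script> element survives and the browser executes it.
echo render_error_unsafe($err), PHP_EOL;

// Safe: the same text is displayed literally (&lt;script&gt;...).
$safe = render_error_safe($err);
assert(strpos($safe, '<script') === false);
echo $safe, PHP_EOL;
```

Dolibarr ships its own HTML-escaping helper for the same purpose (`dol_escape_htmltag()`); the example uses plain `htmlspecialchars()` so that it runs outside the application. The important point is the context: the encoding must match where the text lands (HTML body here), and it has to be applied at the moment of output, not somewhere earlier in the request where it can be undone.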
The operational impact extends beyond simple script execution: an attacker can hijack sessions, steal sensitive data, redirect users to malicious sites, or gain elevated privileges within the application. In a business environment where Dolibarr manages financial records, customer data, and operational information, an attacker could reach confidential business information or manipulate critical processes through this vulnerability. The attack surface is broad because SQL errors can occur during many operations, including login attempts, data entry, and report generation, each providing an opportunity for exploitation.
Organizations running Dolibarr 12.0.5 should immediately mitigate by upgrading to a patched version of the software, applying proper input validation and output encoding, and configuring a web application firewall to detect and block suspicious payloads. The vulnerability aligns with ATT&CK technique T1566.001 for initial access through malicious inputs and T1059.007 for command and scripting interpreter through web shell execution. Security teams should also log and monitor SQL error occurrences to detect exploitation attempts. The fix typically consists of escaping all user-provided input when it is displayed in error messages and ensuring that error-handling routines never render raw database content without sanitization.
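The monitoring recommendation above can be turned into a simple check. The following PHP script (an added example, not Dolibarr's own code) scans application log lines for SQL error records whose failing statement contains HTML tag syntax, which is what an attempt to exploit an error-page XSS leaves behind. The log format, the field names and the sample lines are constructed for this example; a real deployment would adapt `parse_sql_error_line()` to the format its logging produces.

```php
<?php
// Added example (not Dolibarr code): flag SQL error log records whose
// failing statement contains tag-like markup. The log line format, field
// names and sample lines below are constructed for illustration.

declare(strict_types=1);

// Matches a tag-like token (<x ... or </x ...) inside the logged statement.
// Ordinary SQL contains '<' only as a comparison operator, normally followed
// by a space, '=', a digit or a quote, so requiring a letter or '/' after it
// keeps false positives low.
const TAG_LIKE = '~<\s*/?[a-z]~i';

// Parses one constructed line of the form:
//   <date> <time> ERROR sql_error client=<ip> sql='<statement>'
// Returns null for lines that are not SQL error records.
function parse_sql_error_line(string $line): ?array
{
    if (!preg_match("~^(\S+ \S+) ERROR sql_error client=(\S+) sql='(.*)'$~", $line, $m)) {
        return null;
    }
    return ['time' => $m[1], 'client' => $m[2], 'sql' => $m[3]];
}

// Returns the records that look like error-page reflection attempts.
function find_reflection_attempts(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $rec = parse_sql_error_line($line);
        if ($rec !== null && preg_match(TAG_LIKE, $rec['sql'])) {
            $hits[] = $rec;
        }
    }
    return $hits;
}

// Constructed sample log: an ordinary typo, a legitimate '<' comparison,
// a statement carrying markup, and an unrelated record.
$sample = [
    "2022-06-11 10:02:13 ERROR sql_error client=192.0.2.10 sql='SELEC rowid FROM llx_societe'",
    "2022-06-11 10:05:41 ERROR sql_error client=192.0.2.11 sql='SELECT rowid FROM llx_facture WHERE total_ttc < 100 AND'",
    "2022-06-11 10:07:02 ERROR sql_error client=198.51.100.5 sql='SELECT rowid FROM llx_societe WHERE rowid = '1' <script>alert(1)</script>''",
    "2022-06-11 10:07:30 INFO login user=admin client=192.0.2.12",
];

$hits = find_reflection_attempts($sample);
assert(count($hits) === 1 && $hits[0]['client'] === '198.51.100.5');

foreach ($hits as $hit) {
    printf("%s client=%s suspicious sql=%s\n", $hit['time'], $hit['client'], $hit['sql']);
}
```

Only the third record is reported: the first is a plain typo and the second uses `<` as a comparison operator. Feeding such hits into the SIEM alongside the requesting client and session gives the security team a signal for the exploitation attempts the analysis recommends watching for, independently of whether the error page has been patched yet.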