Multiple vulnerabilities in Dolibarr



Published: 2019-08-15 | Updated: 2019-09-30
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-15062
CVE-2019-16197
CWE-ID CWE-352
CWE-79
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
dolibarr
Web applications / CRM systems

Vendor Dolibarr ERP & CRM

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Cross-site request forgery

EUVDB-ID: #VU21426

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-15062

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote authenticated attacker can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page, trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as completely take over the admin account.




Mitigation

Install update from vendor's website.

Vulnerable software versions

dolibarr: 10.0.0 - 10.0.1


CPE2.3 External links

http://gauravnarwani.com/publications/CVE-2019-15062/
http://github.com/Dolibarr/dolibarr/issues/11671

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Cross-site scripting

EUVDB-ID: #VU21427

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16197

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in "htdocs/societe/card.php" due to the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

dolibarr: 10.0.1


CPE2.3 External links

http://packetstormsecurity.com/files/154481/Dolibarr-ERP-CRM-10.0.1-Cross-Site-Scripting.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###