Dolibarr ERP/CRM
cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*, +1 more
- 10.0.1
A series of SQL injection vulnerabilities have been identified in Dolibarr ERP/CRM version 10.0.1. They allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters; the affected parameters are actioncode, demand_reason_id, and availability_id, all handled by card.php endpoints. Successful exploitation could give an attacker unauthorized access to sensitive database information, extracted through boolean-based blind, error-based, or time-based blind SQL injection techniques.
To reproduce this vulnerability, an authenticated user can send a POST request to the card.php endpoint with injected SQL payloads in the actioncode, demand_reason_id, or availability_id parameters. The injection can be performed using boolean-based blind, error-based, or time-based blind techniques, depending on the injected SQL payload.
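The root cause described above is a POST value reaching a query without type validation or parameter binding. The following PHP snippet is an added illustration, not Dolibarr's code: it contrasts a vulnerable string-concatenated lookup with a hardened one for an integer parameter such as demand_reason_id. The table name, column names, and sample rows are constructed for the demonstration, and the database is an in-memory SQLite instance via PDO.

```php
<?php
// Added illustration (not Dolibarr's code): why an integer-typed POST parameter
// such as demand_reason_id must be validated and bound before it reaches SQL.
// Table name, column names and rows below are hypothetical.

// Vulnerable pattern: the raw POST value is concatenated into the query, so a
// boolean-based payload such as "1 OR 1=1" changes the query's logic.
function vulnerableLookup(PDO $db, array $post): array
{
    $id  = $post['demand_reason_id'];          // untrusted, unvalidated
    $sql = "SELECT rowid, label FROM demand_reason WHERE rowid = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: reject anything that is not a plain positive integer, then
// bind the value as a typed parameter so it can never be interpreted as SQL.
function hardenedLookup(PDO $db, array $post): array
{
    $raw = $post['demand_reason_id'] ?? null;
    if (!is_string($raw) || !preg_match('/^\d{1,10}$/', $raw)) {
        throw new InvalidArgumentException('demand_reason_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT rowid, label FROM demand_reason WHERE rowid = :id');
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration on an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demand_reason (rowid INTEGER PRIMARY KEY, label TEXT)');
$db->exec("INSERT INTO demand_reason VALUES (1, 'Web'), (2, 'Phone'), (3, 'Partner')");

// Constructed boolean-based payload of the kind the advisory describes.
$malicious = ['demand_reason_id' => '1 OR 1=1'];

// The vulnerable version returns every row instead of the one requested.
echo count(vulnerableLookup($db, $malicious)) . " rows from vulnerable lookup\n";

// The hardened version refuses the payload before any query is built.
try {
    hardenedLookup($db, $malicious);
} catch (InvalidArgumentException $e) {
    echo "hardened lookup rejected input: " . $e->getMessage() . "\n";
}

// A legitimate value still works through the hardened path.
echo count(hardenedLookup($db, ['demand_reason_id' => '2'])) . " row from hardened lookup\n";
```

Run with `php example.php` (the pdo_sqlite extension must be enabled). The same two-step rule, validate the type and shape of the input and then bind it as a typed parameter, applies to the other integer-valued parameters named in the advisory; for a free-text parameter such as actioncode, the validation step becomes an allowlist of expected values rather than an integer check, and the binding step stays the same.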