Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-0174

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-10 Jan, 2022 | 17:30
Updated At-02 Aug, 2024 | 23:18
Rejected At-
Credits

Improper Validation of Specified Quantity in Input in dolibarr/dolibarr

Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:10 Jan, 2022 | 17:30
Updated At:02 Aug, 2024 | 23:18
Rejected At:
▼CVE Numbering Authority (CNA)
Improper Validation of Specified Quantity in Input in dolibarr/dolibarr

Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.

Affected Products
Vendor
Dolibarr ERP & CRMdolibarr
Product
dolibarr/dolibarr
Default Status
unaffected
Versions
Affected
  • From unspecified before develop (custom)
Problem Types
TypeCWE IDDescription
CWECWE-1284CWE-1284 Improper Validation of Specified Quantity in Input
Type: CWE
CWE ID: CWE-1284
Description: CWE-1284 Improper Validation of Specified Quantity in Input
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db
x_refsource_CONFIRM
https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32
x_refsource_MISC
Hyperlink: https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db
x_refsource_CONFIRM
x_transferred
https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32
x_refsource_MISC
x_transferred
Hyperlink: https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:10 Jan, 2022 | 18:15
Updated At:02 Aug, 2023 | 09:15

Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N
CPE Matches
Dolibarr ERP & CRM
dolibarr
>>dolibarr_erp\/crm>>Versions before 15.0.0(exclusive)
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1284Primarysecurity@huntr.dev
CWE-1284Secondarynvd@nist.gov
CWE ID: CWE-1284
Type: Primary
Source: security@huntr.dev
CWE ID: CWE-1284
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32security@huntr.dev
Patch
https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60dbsecurity@huntr.dev
Exploit
Patch
Third Party Advisory
Hyperlink: https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db
Source: security@huntr.dev
Resource:
Exploit
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2022-0414
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.1||MEDIUM
EPSS-0.33% / 54.89%
||
7 Day CHG~0.00%
Published-31 Jan, 2022 | 00:00
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Specified Quantity in Input in dolibarr/dolibarr

Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.

Action-Not Available
Vendor-Dolibarr ERP & CRM
Product-dolibarr_erp\/crmdolibarr/dolibarr
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2020-14201
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG-0.00%
Published-21 Aug, 2020 | 18:30
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.

Action-Not Available
Vendor-n/aDolibarr ERP & CRM
Product-dolibarrn/a
CVE-2021-25954
Matching Score-8
Assigner-Mend
ShareView Details
Matching Score-8
Assigner-Mend
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.01%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 16:58
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in “Dolibarr”

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint.

Action-Not Available
Vendor-Dolibarr ERP & CRM
Product-dolibarrdolibarr
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-0746
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 44.05%
||
7 Day CHG+0.01%
Published-25 Feb, 2022 | 09:05
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Business Logic Errors in dolibarr/dolibarr

Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.

Action-Not Available
Vendor-Dolibarr ERP & CRM
Product-dolibarr_erp\/crmdolibarr/dolibarr
CWE ID-CWE-840
Not Available
CVE-2024-8558
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.77%
||
7 Day CHG~0.00%
Published-07 Sep, 2024 | 15:31
Updated-10 Sep, 2024 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System Price place-order.php improper validation of specified quantity in input

A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-food_ordering_management_systemFood Ordering Management Systemfood_ordering_management_system
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2023-4439
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-20 Aug, 2023 | 22:31
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Card Holder Management System Minus Value unknown vulnerability

A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560.

Action-Not Available
Vendor-card_holder_management_system_projectSourceCodester
Product-card_holder_management_systemCard Holder Management System
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-0596
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 49.27%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Specified Quantity in Input in microweber/microweber

Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
Details not found