CVE-2019-25452

High ⚡ Exploit Available
CWE-89 — Weakness Type
Published: Feb 22, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3: 8.2
📄 Description (English)

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
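The following is an added illustration written for this page (it is not Dolibarr's code and not taken from any public exploit): a minimal handler that pastes an `elemid` value into a query, the two extraction techniques the description mentions run against it, and the parameterized fix beside it. It runs against an in-memory SQLite database built inside the script; the `categorie` and `user` tables, their columns and rows are constructed for the demo and are assumptions, not Dolibarr's real schema. Dolibarr runs on MySQL/MariaDB, where the time-based variant would use SLEEP(); SQLite has no SLEEP, so the blind technique shown is the boolean-based form, which has the same per-character request pattern.

```python
"""Added example: SQL injection through an unvalidated integer parameter,
blind extraction through it, and the prepared-statement fix.
Schema and data below are constructed for the demo (assumptions)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed demo schema: a category table and a user table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE categorie (rowid INTEGER PRIMARY KEY, label TEXT);
        CREATE TABLE user (rowid INTEGER PRIMARY KEY, login TEXT, pass_crypted TEXT);
        INSERT INTO categorie VALUES (1, 'Customers'), (2, 'Suppliers');
        INSERT INTO user VALUES (1, 'admin', 'constructed-hash-value');
    """)
    return conn


def view_category_vulnerable(conn: sqlite3.Connection, elemid: str) -> list:
    """Vulnerable pattern: the POST value is pasted into the query text,
    so whatever the client sends in elemid is parsed as SQL."""
    sql = "SELECT rowid, label FROM categorie WHERE rowid = " + elemid
    return conn.execute(sql).fetchall()


def view_category_fixed(conn: sqlite3.Connection, elemid: str) -> list:
    """Hardened pattern: digits-only allow-list, then a bound parameter so
    the value can never change the query's structure."""
    if not elemid.isdigit():
        raise ValueError("elemid must be a positive integer")
    sql = "SELECT rowid, label FROM categorie WHERE rowid = ?"
    return conn.execute(sql, (int(elemid),)).fetchall()


def union_dump_users(conn: sqlite3.Connection) -> list:
    """Direct extraction: a UNION appends rows from another table to the
    two-column result the page normally renders."""
    payload = "0 UNION SELECT login, pass_crypted FROM user"
    return view_category_vulnerable(conn, payload)


def blind_extract_login(conn: sqlite3.Connection, max_len: int = 8) -> str:
    """Boolean-based blind extraction: one request per (position, guess),
    observing only whether category 1 is returned. This works even when
    the page shows no query output or error text."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789_"
    found = ""
    for pos in range(1, max_len + 1):
        hit = None
        for guess in alphabet:
            payload = (
                f"1 AND (SELECT substr(login,{pos},1) FROM user WHERE rowid=1)='{guess}'"
            )
            if view_category_vulnerable(conn, payload):
                hit = guess
                break
        if hit is None:  # no candidate matched: end of the string
            break
        found += hit
    return found


def fixed_rejects(conn: sqlite3.Connection, elemid: str) -> bool:
    """True if the hardened handler refuses the value before it reaches SQL."""
    try:
        view_category_fixed(conn, elemid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(view_category_vulnerable(db, "1"))   # normal use
    print(union_dump_users(db))                 # credential row leaks
    print(blind_extract_login(db))              # login recovered one char at a time
    print(fixed_rejects(db, "0 UNION SELECT login, pass_crypted FROM user"))
```

The point of `blind_extract_login` is the request shape: roughly 40 requests per character, each answered only with "row present" or "row absent". That is the traffic pattern the detection rules further down this page are trying to surface, and it is why a fix must reject non-integer input outright rather than trying to recognise malicious SQL.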

🤖 AI Executive Summary

Dolibarr ERP/CRM 10.0.1 contains a high-severity (CVSS 3.1 base score 8.2) unauthenticated SQL injection vulnerability in the viewcat.php endpoint that allows attackers to execute arbitrary SQL queries and extract sensitive database information. It poses significant risk to Saudi organizations using Dolibarr for enterprise resource planning and customer relationship management: it requires no authentication, and public exploit code is available. Immediate patching is essential to prevent unauthorized access to financial, customer, and operational data.

🤖 AI Intelligence Analysis (analyzed Apr 25, 2026 06:38)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses critical risk to Saudi SMEs and enterprises using Dolibarr for ERP/CRM operations, particularly in: (1) Banking and Financial Services sector — risk of unauthorized access to customer financial data and transaction records; (2) Government agencies and municipalities — exposure of administrative and citizen data; (3) Healthcare organizations — potential breach of patient records and medical information; (4) Retail and E-commerce — compromise of customer databases and sales information; (5) Manufacturing and Distribution — exposure of supply chain and inventory data. The unauthenticated nature of the exploit makes it particularly dangerous as attackers can target Dolibarr instances without valid credentials, and the availability of public exploits increases likelihood of opportunistic attacks against Saudi organizations.
🏢 Affected Saudi Sectors
Banking and Financial Services; Government and Public Administration; Healthcare and Medical Services; Retail and E-commerce; Manufacturing and Industrial; Telecommunications; Energy and Utilities; Education; Hospitality and Tourism; Real Estate and Construction
⚖️ Saudi Risk Score (AI): 8.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory every Dolibarr instance in the environment and identify any running 10.0.1 (the version listed as affected here) or an older release.
2. Until patched, restrict network access to the Dolibarr web root, and to the viewcat.php endpoint in particular, to trusted networks only.
3. Put a WAF rule in front of viewcat.php. Because elemid carries an object identifier, enforce a positive allow-list (digits only) rather than relying on a blocklist of SQL keywords (UNION, SELECT, DROP, INSERT, etc.): a time-based payload built around SLEEP() contains none of those keywords and passes a keyword filter.
4. Review web-server access logs and database query/audit logs for at least the past 30 days, looking for the indicators listed under DETECTION RULES.

PATCHING GUIDANCE:
1. Upgrade Dolibarr to version 10.0.2 or later immediately.
2. If a full upgrade is not immediately possible, apply the vendor's fix for this issue as a targeted patch.
3. Test patches in a non-production environment before deployment.
4. Coordinate patching across all Dolibarr instances so that no unpatched copy remains reachable.

COMPENSATING CONTROLS (if patching is delayed):
1. Validate all POST parameters, especially elemid, at the reverse proxy or WAF; if you maintain your own fork of the code, validate there as well.
2. In any code you maintain, use parameterized queries/prepared statements for every database operation.
3. Run Dolibarr under a database account with the least privilege it needs: no administrative or file-system privileges, and no access to other schemas on the same server.
4. Restrict that account to the tables and operations the application actually uses.
5. Monitor database activity and alert on queries that do not match the application's normal patterns.
6. Disable verbose database error output in production; error-based injection depends on the error text reaching the attacker.

DETECTION RULES:
1. Alert on POST requests to viewcat.php whose elemid value is not a plain integer; secondarily, flag SQL keywords or special characters (', ", --, ;, /**/) in the value.
2. Alert on HTTP responses containing database error text (SQL syntax messages, table or column names).
3. Track unusual query patterns or high query volumes from the Dolibarr application account.
4. Alert on viewcat.php responses that are markedly slower than the endpoint's baseline (a time-based blind injection adds a fixed delay to every request).
5. Log and alert on failed database authentication attempts from the Dolibarr service account.
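The following is an added example written for this page (it is not code from this advisory or from Dolibarr): the detection rules above run over a small batch of request logs, together with the digits-only allow-list recommended for the elemid parameter, so the difference between the two checks is visible on real-looking input. The log format (JSON lines, one request per line, with the POST body captured by a reverse proxy or WAF) and every record in RAW_LOG are constructed for the demo; the /categories/viewcat.php path, the llx_user table name inside the sample payload and the 5-second slow-response threshold are assumptions, not facts taken from the advisory.

```python
"""Added example: the advisory's detection rules applied to constructed
JSON-lines request logs, plus allow-list vs. blocklist checks on elemid."""
import json
import re

# Blocklist as the remediation text describes it: SQL keywords plus
# quote/comment characters. Kept here to show what it misses.
KEYWORDS = ("UNION", "SELECT", "DROP", "INSERT")
SPECIALS = ("'", '"', "--", ";", "/*")

# Positive allow-list: elemid names an object, so only digits are valid.
ELEMID_ALLOWED = re.compile(r"\d+")

# Fragments a MySQL/MariaDB-backed application leaks when a query fails.
SQL_ERROR = re.compile(r"SQL syntax|SQLSTATE|mysqli?_|DB Error", re.IGNORECASE)

SLOW_MS = 5000  # assumed threshold; tune to the endpoint's measured baseline

# Constructed sample log: lines 2 and 3 are attacks, the rest is normal traffic.
RAW_LOG = r'''
{"ts":"2026-04-25T06:00:01Z","src":"203.0.113.10","method":"POST","path":"/categories/viewcat.php","post":{"elemid":"12","type":"customer"},"status":200,"rt_ms":120,"body_excerpt":""}
{"ts":"2026-04-25T06:00:09Z","src":"198.51.100.7","method":"POST","path":"/categories/viewcat.php","post":{"elemid":"12 AND SLEEP(5)","type":"customer"},"status":200,"rt_ms":5210,"body_excerpt":""}
{"ts":"2026-04-25T06:00:15Z","src":"198.51.100.7","method":"POST","path":"/categories/viewcat.php","post":{"elemid":"12' UNION SELECT login,pass FROM llx_user-- -","type":"customer"},"status":500,"rt_ms":90,"body_excerpt":"You have an error in your SQL syntax"}
{"ts":"2026-04-25T06:00:20Z","src":"203.0.113.10","method":"GET","path":"/index.php","post":{},"status":200,"rt_ms":40,"body_excerpt":""}
{"ts":"2026-04-25T06:00:31Z","src":"203.0.113.11","method":"POST","path":"/categories/viewcat.php","post":{"elemid":"7","type":"supplier"},"status":200,"rt_ms":95,"body_excerpt":""}
'''


def keyword_blocklist_hit(value: str) -> bool:
    """Keyword/special-character blocklist. A time-based payload such as
    '12 AND SLEEP(5)' contains none of the listed tokens and is missed."""
    upper = value.upper()
    return any(k in upper for k in KEYWORDS) or any(s in value for s in SPECIALS)


def allowlist_violation(value: str) -> bool:
    """True unless the value is a plain unsigned integer."""
    return ELEMID_ALLOWED.fullmatch(value) is None


def rules_for(rec: dict) -> list:
    """Apply detection rules 1, 2 and 4 from the advisory to one parsed record."""
    hits = []
    elemid = rec.get("post", {}).get("elemid")
    if rec["method"] == "POST" and elemid is not None:
        if allowlist_violation(elemid):
            hits.append("elemid-not-integer")
        if keyword_blocklist_hit(elemid):
            hits.append("elemid-blocklist-keyword")
    if SQL_ERROR.search(rec.get("body_excerpt", "")):
        hits.append("sql-error-in-response")
    if rec["rt_ms"] >= SLOW_MS:
        hits.append("slow-viewcat-response")
    return hits


def analyze(raw: str) -> list:
    """Parse JSON-lines logs and return one finding per (line, rule) for
    requests that reached viewcat.php."""
    findings = []
    for n, line in enumerate(raw.strip().splitlines(), start=1):
        rec = json.loads(line)
        if not rec["path"].endswith("viewcat.php"):
            continue
        for rule in rules_for(rec):
            findings.append({"line": n, "src": rec["src"], "rule": rule})
    return findings


def count_by_source(findings: list) -> dict:
    """Findings per client address, to pick out a single scanner quickly."""
    counts = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


if __name__ == "__main__":
    found = analyze(RAW_LOG)
    for f in found:
        print(f"line {f['line']}  {f['src']:<14} {f['rule']}")
    print(count_by_source(found))
```

On the sample data the SLEEP() request on line 2 is caught only by the integer allow-list and by the response-time rule, never by the keyword blocklist; the UNION request on line 3 trips all three content rules. In production the `rt_ms` threshold should come from the endpoint's own baseline, and the keyword check is worth keeping only as a secondary signal for triage, not as the blocking control.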
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.7.1.1 - Cryptography Policy
A.8.1.1 - Physical and Environmental Security
A.9.1.1 - Operations Security
A.10.1.1 - Communications Security
A.12.1.1 - Compliance with Legal Requirements
🔵 SAMA CSF
Governance and Risk Management - GRM-01: Information Security Governance
Governance and Risk Management - GRM-02: Risk Assessment and Management
Protection and Resilience - PR-01: Access Control
Protection and Resilience - PR-02: Data Protection
Protection and Resilience - PR-03: Cryptography
Detection and Response - DR-01: Security Monitoring and Logging
Detection and Response - DR-02: Incident Management
🟡 ISO 27001:2022
5.1 - Policies for information security
6.1 - Information security roles and responsibilities
6.2 - Information security competencies
7.1 - General
8.1 - Operational planning and control
8.2 - Supply chain relationships
8.3 - Information and communication
A.5.1 - Policies for information security
A.6.1 - Information security roles and responsibilities
A.8.1 - User endpoint devices
A.8.2 - Privileged access rights
A.8.3 - Information access restriction
A.9.1 - Audit logging
A.9.2 - Monitoring
A.9.4 - Event logging
A.14.1 - Information security requirements analysis and specification
A.14.2 - Information security design and implementation
🟣 PCI DSS v4.0.1
Requirement 1 - Install and maintain a firewall configuration
Requirement 2 - Do not use vendor-supplied defaults
Requirement 6 - Develop and maintain secure systems and applications
Requirement 6.2 - Ensure that all system components and software are protected from known vulnerabilities
Requirement 6.5 - Injection flaws prevention
Requirement 8 - Identify and authenticate access to system components
Requirement 10 - Track and monitor all access to network resources and cardholder data
📦 Affected Products / CPE (1 entry)
dolibarr:dolibarr_erp\/crm:10.0.1
📊 CVSS Score
8.2 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector: N — Network
Attack Complexity: L — Low
Privileges Required: N — None
User Interaction: N — None
Scope: U — Unchanged
Confidentiality: H — High
Integrity: L — Low
Availability: N — None
📋 Quick Facts
Severity: High
CVSS Score: 8.2
CWE: CWE-89
EPSS: 0.08%
Exploit: ✓ Yes
Patch: ✓ Yes
Published: 2026-02-22
Source Feed: nvd
🇸🇦 Saudi Risk Score: 8.8 / 10.0
Priority: CRITICAL
🏷️ Tags
exploit-available CWE-89