CyberSec.Space Logo
Back to CVE Browser

CVE-2019-25710

HIGH
8.2
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile44.30th
PublishedApr 12, 2026
Last ModifiedApr 17, 2026

Vulnerability Description

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr Erp\/crm

<= 8.0.4

References & Advisories

🔗 https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip
🔗 https://www.dolibarr.org/
🔗 https://www.exploit-db.com/exploits/46095
🔗 https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameter

Related Vulnerabilities

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2021-336186.1

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of...

CVE-2021-477795.4

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privile...