CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-25710

HIGH
8.2
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile44.30th
Published2026年4月12日
Last Modified2026年4月17日

Vulnerability Description

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr Erp\/crm

<= 8.0.4

References & Advisories

🔗 https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip
🔗 https://www.dolibarr.org/
🔗 https://www.exploit-db.com/exploits/46095
🔗 https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameter

関連する脆弱性情報

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2021-336186.1

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of...

CVE-2021-477795.4

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privile...