CVE-2019-25710 PUBLISHED

Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter

Assigner: VulnCheck
Reserved: 12.04.2026 Published: 12.04.2026 Updated: 12.04.2026

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.8

Product Status

Vendor: Dolibarr
Product: Dolibarr ERP-CRM
Versions:
  • Version 8.0.4 is affected

Credits

  • Mehmet Önder Key (finder)

Problem Types

  • CWE: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')