CVE-2019-25452

HIGH 7.5

Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.

CWE	CWE-89
Vendor	dolibarr
Product	dolibarr erp/crm
Published	Feb 22, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for dolibarr dolibarr erp/crm

Be the first to know when new high vulnerabilities affecting dolibarr dolibarr erp/crm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Dolibarr / Dolibarr ERP/CRM

10.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47362 vulncheck.com: https://www.vulncheck.com/advisories/dolibarr-erpcrm-sql-injection-via-elemid

Credits

Metin Yunus Kandemir (kandemir)