CVE-2019-25710
Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.
| CWE | CWE-89 |
| Vendor | dolibarr |
| Product | dolibarr erp-crm |
| Published | Apr 12, 2026 |
| Last Updated | Apr 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for dolibarr dolibarr erp-crm
Be the first to know when new high vulnerabilities affecting dolibarr dolibarr erp-crm are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
Dolibarr / Dolibarr ERP-CRM
8.0.4
References
exploit-db.com: https://www.exploit-db.com/exploits/46095 dolibarr.org: https://www.dolibarr.org/ sourceforge.net: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip vulncheck.com: https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameter
Credits
Mehmet Γnder Key