← back
CVE-2019-25710

Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter

CVSS 8.8 HIGHEPSS 0.3%CWE-89
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Dolibarr · Dolibarr ERP-CRM
public PoCs found1
cve_referencewww.exploit-db.com/exploits/46095unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.ziphttps://www.dolibarr.org/https://www.exploit-db.com/exploits/46095https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameter