SQL Injection in Dolibarr Erp-crm
CVE-2019-25710
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST par…
Vulnerability class: SQL Injection
EPSS: 0.000 (11.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.
Affected products
- Dolibarr Erp-crm — versions 8.0.4
Weakness classification (CWE)
References
- ExploitDB-46095 (exploit)
- Official Product Homepage (product)
- Product Reference (product)
- VulnCheck Advisory: Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter (third-party-advisory)
Frequently asked questions
- What is CVE-2019-25710?
- CVE-2019-25710 is a high-severity vulnerability in Dolibarr Erp-crm, classified under SQL Injection. CVSS score: 8.2/10. Published 2026-04-12.
- How severe is CVE-2019-25710?
- High severity. CVSS v3 base score is 8.2 out of 10.