CVE-2019-25710
Published 2026-04-12
Priority P3 · 55 · critical 9.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.31% (22.8th percentile)
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | 0 – 8.0.4 | — |
| dolibarr | dolibarr_erp-crm | — | — |
| dolibarr | dolibarr_erp_crm | <= 8.0.4 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v4.0 | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php
ghsa·2026-04-12
CVE-2019-25710 [HIGH] CWE-89 Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.
GHSA
GHSA-xxxg-x793-7fq3: Dolibarr ERP-CRM 8
ghsa_unreviewed·2026-04-12
CVE-2019-25710 [HIGH] CWE-89 GHSA-xxxg-x793-7fq3: Dolibarr ERP-CRM 8
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.
VulDB
Dolibarr ERP-CRM 8.0.4 POST Parameter dict.php rowid sql injection (Exploit 46095 / EDB-46095)
vuldb·2026-04-12·CVSS 8.8
CVE-2019-25710 [HIGH] Dolibarr ERP-CRM 8.0.4 POST Parameter dict.php rowid sql injection (Exploit 46095 / EDB-46095)
A vulnerability categorized as critical has been discovered in Dolibarr ERP-CRM 8.0.4. This vulnerability affects unknown code of the file dict.php of the component POST Parameter Handler. Such manipulation of the argument rowid leads to sql injection.
This vulnerability is listed as CVE-2019-25710. The attack may be performed remotely. In addition, an exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-12