CVE-2019-25710

HIGH

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.

CVSS v3.1 Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Published: 4/12/2026Modified: 4/17/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (4)

https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zipProduct https://www.dolibarr.org/Product https://www.exploit-db.com/exploits/46095ExploitVDB Entry https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameterThird Party Advisory