CVE-2019-25450
Multiple SQL Injection Vulnerabilities in Dolibarr ERP/CRM
Publication date: 2026-02-22
Last updated on: 2026-03-02
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dolibarr | dolibarr_erp/crm | 10.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
Dolibarr ERP/CRM version 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting malicious SQL code through specific POST parameters.
The vulnerable parameters include actioncode, demand_reason_id, and availability_id in card.php endpoints. Attackers can exploit these parameters using boolean-based blind, error-based, and time-based blind SQL injection techniques targeting MySQL databases.
These injection techniques allow attackers to extract sensitive information from the database by manipulating SQL queries, causing errors that reveal data, or delaying responses to infer data.
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary SQL queries on the affected Dolibarr ERP/CRM database.
- Unauthorized access to sensitive database information.
- Potential data manipulation or corruption.
- Denial of service by causing delays in database responses.
Overall, it compromises the confidentiality and integrity of the data managed by the Dolibarr ERP/CRM system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted POST requests to the vulnerable endpoints and parameters to test for SQL injection behavior.
- Send a POST request to /dolibarr-10.0.1/htdocs/comm/action/card.php with the parameter actioncode containing payloads such as: actioncode=AC_OTH_AUTO' RLIKE (SELECT (CASE WHEN (5096=5096) THEN 0x41435f4f54485f4155544f ELSE 0x28 END))--
- Send a POST request to /dolibarr-10.0.1/htdocs/comm/propal/card.php with parameters demand_reason_id or availability_id containing payloads like: demand_reason_id=0 RLIKE (SELECT (CASE WHEN (8405=8405) THEN 0 ELSE 0x28 END))
- Use time-based blind SQLi payloads to detect delays, for example: availability_id=0 AND (SELECT 9904 FROM (SELECT(SLEEP(5)))ZKPW)
These tests can be performed using tools like curl or specialized SQL injection testing tools by sending the above payloads in POST requests and observing the responses or delays. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoints to only trusted authenticated users and applying input validation and sanitization on POST parameters such as actioncode, demand_reason_id, and availability_id.
Additionally, consider implementing Web Application Firewall (WAF) rules to detect and block SQL injection attempts targeting these parameters.
If possible, upgrade to a fixed version of Dolibarr ERP/CRM or apply patches that address these SQL injection vulnerabilities.
Monitoring logs for suspicious POST requests containing SQL injection payloads can also help in early detection and response.
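The input-validation and log-monitoring steps above, worked through as an added example (this is not Dolibarr project code and not part of this record). It enforces an allow-list on the three parameters the record names (the two `*_id` parameters must be unsigned integers, `actioncode` must be an uppercase code such as AC_OTH_AUTO) and scans request logs for POST requests to the two card.php endpoints whose bodies carry the payload shapes the record lists (RLIKE with a subselect, CASE WHEN, SLEEP, a trailing comment). The log line format, the client addresses and the sample lines are constructed for the example; the endpoint paths, parameter names and payload shapes are taken from this record.

```python
"""Defender-side checks for the Dolibarr card.php SQL injection record.

Added example, not Dolibarr code. The log format below is constructed:
    <timestamp> <client> <method> <path> "<url-encoded POST body>"
"""
import re
from urllib.parse import parse_qs

# Parameters named in the record and the value shape each should carry
INTEGER_PARAMS = {"demand_reason_id", "availability_id"}
CODE_PARAMS = {"actioncode"}
INT_RE = re.compile(r"^[0-9]+$")            # plain unsigned integer
CODE_RE = re.compile(r"^[A-Z0-9_]{1,32}$")  # e.g. AC_OTH_AUTO (assumed shape)

# Endpoint paths listed in the record (matched by suffix)
ENDPOINTS = ("/comm/action/card.php", "/comm/propal/card.php")

# Indicators derived from the payload shapes the record lists
INDICATORS = (
    ("rlike_subselect", re.compile(r"\bRLIKE\b.*\bSELECT\b", re.I)),
    ("case_when", re.compile(r"\bCASE\s+WHEN\b", re.I)),
    ("sleep", re.compile(r"\bSLEEP\s*\(", re.I)),
    ("comment_tail", re.compile(r"--\s*$")),
)

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "(.*)"$')


def validate_params(params):
    """Allow-list check; returns [(name, reason)] for values that fail."""
    problems = []
    for name, value in params.items():
        if name in INTEGER_PARAMS and not INT_RE.fullmatch(value):
            problems.append((name, "expected unsigned integer"))
        elif name in CODE_PARAMS and not CODE_RE.fullmatch(value):
            problems.append((name, "expected code matching [A-Z0-9_]"))
    return problems


def classify_value(value):
    """Names of the injection indicators present in one parameter value."""
    return [name for name, rx in INDICATORS if rx.search(value)]


def scan_log(lines):
    """Return one finding per POST to a listed endpoint that fails
    validation or carries an injection indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in the constructed log format
        ts, client, method, path, body = m.groups()
        if method != "POST" or not path.endswith(ENDPOINTS):
            continue
        params = {k: v[0] for k, v in
                  parse_qs(body, keep_blank_values=True).items()}
        invalid = validate_params(params)
        hits = {}
        for name, value in params.items():
            tags = classify_value(value)
            if tags:
                hits[name] = tags
        if invalid or hits:
            findings.append({"ts": ts, "client": client, "path": path,
                             "invalid": invalid, "indicators": hits})
    return findings


# Constructed sample log: two benign requests, three carrying the payload
# shapes from the record, one GET that is out of scope.
SAMPLE_LOG = [
    '2026-02-22T10:00:01Z 192.0.2.10 POST /dolibarr-10.0.1/htdocs/comm/propal/card.php "demand_reason_id=3&availability_id=1&action=update"',
    '2026-02-22T10:00:02Z 192.0.2.10 POST /dolibarr-10.0.1/htdocs/comm/action/card.php "actioncode=AC_OTH_AUTO&action=add"',
    '2026-02-22T10:00:03Z 198.51.100.7 POST /dolibarr-10.0.1/htdocs/comm/propal/card.php "demand_reason_id=0 RLIKE (SELECT (CASE WHEN (8405=8405) THEN 0 ELSE 0x28 END))"',
    '2026-02-22T10:00:04Z 198.51.100.7 POST /dolibarr-10.0.1/htdocs/comm/propal/card.php "availability_id=0 AND (SELECT 9904 FROM (SELECT(SLEEP(5)))ZKPW)"',
    '2026-02-22T10:00:05Z 198.51.100.7 POST /dolibarr-10.0.1/htdocs/comm/action/card.php "actioncode=AC_OTH_AUTO\' RLIKE (SELECT (CASE WHEN (5096=5096) THEN 0x41435f4f54485f4155544f ELSE 0x28 END))--"',
    '2026-02-22T10:00:06Z 192.0.2.10 GET /dolibarr-10.0.1/htdocs/comm/propal/card.php "id=7"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The allow-list in `validate_params` is the shape a server-side fix or a WAF rule should enforce for these parameters: an integer id that is not all digits, or an action code with quotes or spaces in it, is rejected before it reaches any query. The indicator list in `scan_log` is deliberately narrow (the shapes this record lists) so it stays low-noise on normal traffic; widen it only against your own log volume.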