CVE-2019-25710
SQL Injection in Dolibarr 8.0.4 admin dict.php Endpoint

Publication date: 2026-04-12

Last updated on: 2026-04-17

Assigner: VulnCheck

Description
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.
Meta Information
Published: 2026-04-12
Last Modified: 2026-04-17
Generated: 2026-05-07
AI Q&A: 2026-04-12
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: dolibarr
Product: dolibarr_erp/crm
Version / Range: up to and including 8.0.4
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2019-25710 is an SQL injection vulnerability found in Dolibarr ERP-CRM version 8.0.4 and earlier. It exists in the 'rowid' parameter of the admin dict.php endpoint. An attacker can inject malicious SQL code through this parameter using error-based SQL injection techniques.

This injection allows the attacker to execute arbitrary SQL queries on the database, potentially extracting sensitive information by causing the database to return error messages containing the injected data.

How can this vulnerability impact me?

This vulnerability can have a significant impact as it allows remote attackers to execute arbitrary SQL queries without authentication or user interaction.

  • Attackers can extract sensitive database information, compromising confidentiality.
  • The integrity of the data can be partially affected, although the main impact is on confidentiality.
  • Since the attack can be performed remotely and without any privileges, it poses a high risk to affected systems.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This SQL injection vulnerability can be detected by testing the 'rowid' POST parameter on the admin dict.php endpoint for injection flaws using error-based SQL injection payloads.

A specific test command involves sending a POST request to the vulnerable endpoint with a payload designed to trigger an SQL error, such as the following payload in the 'rowid' parameter:

  • rowid=\%' AND EXTRACTVALUE(6385,CONCAT(0x5c,0x716b717871,(SELECT (ELT(6385=6385,1))),0x7176787171)) AND '%'='

This payload uses the EXTRACTVALUE function to cause an error that reveals whether the injection is successful. You can use tools like curl or Burp Suite to send such POST requests to the URL endpoint `/doli/htdocs/admin/dict.php?id=16` and observe the responses for SQL error messages indicating vulnerability.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Restrict access to the vulnerable admin dict.php endpoint to trusted users only.
  • Apply input validation and sanitization on the 'rowid' POST parameter to prevent SQL injection.
  • If available, upgrade Dolibarr ERP-CRM to a version later than 8.0.4 where this vulnerability is fixed.
  • Use web application firewalls (WAF) to detect and block malicious SQL injection attempts targeting this parameter.

Since the vulnerability allows remote exploitation without authentication, immediate access control and patching are critical to prevent data leakage.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The SQL injection vulnerability in Dolibarr ERP-CRM 8.0.4 allows attackers to extract sensitive database information by exploiting the 'rowid' parameter. This unauthorized access to sensitive data can lead to breaches of confidentiality.

Such exposure of sensitive information can negatively impact compliance with data protection regulations and standards like GDPR and HIPAA, which require the protection of personal and sensitive data against unauthorized access.

Therefore, this vulnerability poses a risk to maintaining compliance with these regulations due to the potential for data leakage and unauthorized data exposure.
