{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2019-25710/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2019-25710"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","cve-2019-25710","dolibarr","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eDolibarr ERP-CRM is a popular open-source enterprise resource planning and customer relationship management software. Version 8.0.4 of Dolibarr is susceptible to a critical SQL injection vulnerability (CVE-2019-25710) affecting the \u003ccode\u003erowid\u003c/code\u003e parameter in the \u003ccode\u003eadmin/dict.php\u003c/code\u003e endpoint. This flaw allows unauthenticated attackers to inject malicious SQL code through the \u003ccode\u003erowid\u003c/code\u003e POST parameter. Successful exploitation enables attackers to execute arbitrary SQL queries against the Dolibarr database, potentially leading to the exposure of sensitive information, modification of data, or complete compromise of the application. This vulnerability can be exploited using error-based SQL injection techniques.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Dolibarr ERP-CRM instance running version 8.0.4.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003eadmin/dict.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes the \u003ccode\u003erowid\u003c/code\u003e parameter containing a SQL injection payload.\u003c/li\u003e\n\u003cli\u003eThe server-side application processes the request and executes the injected SQL code within the database query.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages error-based SQL injection techniques to extract sensitive information from the database, such as user credentials, API keys, or financial data.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the error messages returned by the application to refine the SQL injection payload and bypass any security measures.\u003c/li\u003e\n\u003cli\u003eThe attacker potentially uses the extracted credentials to gain unauthorized access to other parts of the application or the underlying system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to severe consequences, including unauthorized access to sensitive data, data breaches, and complete compromise of the Dolibarr ERP-CRM system. The vulnerability allows attackers to extract sensitive database information, modify data, or potentially execute arbitrary code on the server. Given that ERP and CRM systems often contain critical business data, the impact can be significant for affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply patches or upgrade to a secure version of Dolibarr ERP-CRM to remediate CVE-2019-25710.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Dolibarr rowid Parameter SQL Injection Attempt\u003c/code\u003e to your SIEM to identify potential exploitation attempts against the \u003ccode\u003eadmin/dict.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual POST requests to \u003ccode\u003eadmin/dict.php\u003c/code\u003e with suspicious characters or SQL keywords in the \u003ccode\u003erowid\u003c/code\u003e parameter to detect potential attacks.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to filter out malicious SQL injection payloads targeting the \u003ccode\u003erowid\u003c/code\u003e parameter in \u003ccode\u003eadmin/dict.php\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-12T13:16:34Z","date_published":"2026-04-12T13:16:34Z","id":"/briefs/2026-04-dolibarr-sqli/","summary":"Dolibarr ERP-CRM 8.0.4 is vulnerable to SQL injection via the rowid parameter in the admin/dict.php endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive database information.","title":"Dolibarr ERP-CRM 8.0.4 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-dolibarr-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2019-25710","version":"https://jsonfeed.org/version/1.1"}