Fluid Attacks Database

Description

Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	dolibarr/dolibarr	>=0 <=8.0.4	8.0.5

Aliases

1. CVE-2019-257102. NVD-2019-257103. OSV-2019-257104. GCVE-2019-25710

References

1. https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip2. https://www.dolibarr.org3. https://www.exploit-db.com/exploits/460954. https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameter

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.