Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25710) - Vulnerability Database

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25710)

Description

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.

References

CVE-2019-25710

Related Vulnerabilities

Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668) Critical
Common tags: Missing Update Known Vulnerabilities
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1454) Medium
Common tags: Missing Update Known Vulnerabilities
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2020-1439) High
Common tags: Missing Update Known Vulnerabilities
SharePoint CVE-2020-1440 Vulnerability (CVE-2020-1440) Medium
Common tags: Missing Update Known Vulnerabilities
SharePoint CVE-2020-1443 Vulnerability (CVE-2020-1443) Medium
Common tags: Missing Update Known Vulnerabilities

Severity

Critical

Classification

CVE-2019-25710
CWE-138
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update
Known Vulnerabilities