ByteOS Network

Dolibarr ERP/CRM

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2019-25452

Assigner-VulnCheck

View Details

Assigner-VulnCheck

CVSS Score-8.8||HIGH

EPSS-Not Assigned

Published-22 Feb, 2026 | 13:18

Updated-23 Feb, 2026 | 18:13

Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.

Vendor-Dolibarr ERP & CRM

Product-Dolibarr ERP/CRM

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-25450

Assigner-VulnCheck

View Details

Assigner-VulnCheck

CVSS Score-7.1||HIGH

EPSS-Not Assigned

Published-22 Feb, 2026 | 13:18

Updated-23 Feb, 2026 | 18:13

Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques.

Vendor-Dolibarr ERP & CRM

Product-Dolibarr ERP/CRM

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')