CVE-2019-25710

Name of the Vulnerable Software and Affected Versions Dolibarr ERP-CRM version 8.0.4

Description An SQL injection flaw exists in the 'admin dict.php' endpoint. Attackers can execute arbitrary SQL queries and extract sensitive database information by injecting malicious code through the rowid POST parameter using error-based SQL injection techniques, which involve triggering database error messages to reveal data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.