CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25452

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.6%

CVSS Severity

CVSS v3 Score 8.2

References

https://www.exploit-db.com/exploits/47362
https://www.vulncheck.com/advisories/dolibarr-erpcrm-sql-injection-via-elemid

Products affected by CVE-2019-25452

Dolibarr » Dolibarr Erp/crm » Version: 10.0.1

cpe:2.3:a:dolibarr:dolibarr_erp/crm:10.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25452

Products

Pricing

Contact Us