CVSS 4.0 score: 8.8

Dolibarr ERP/CRM 10.0.1 allows hackers to extract sensitive database info

CVE-2019-25452
Summary

Dolibarr ERP/CRM version 10.0.1 has an SQL injection flaw in the elemid POST parameter of the viewcat.php endpoint that lets attackers read sensitive information from the database without needing a password. This is a serious issue because it could allow attackers to steal confidential data. Update to the latest version to protect your system.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
| --- | --- | --- | --- |
| dolibarr | dolibarr_erp/crm | 10.0.1 | – |
Original title
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Atta...
Original description
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
nvd CVSS3.1 7.5
nvd CVSS4.0 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
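
Since the entry lists no fix, one interim mitigation is a request filter in front of the application that rejects POST requests to viewcat.php whose elemid is not a plain number. The sketch below is an added example, not Dolibarr code or part of the original advisory; it assumes elemid is meant to be a numeric id, and the function name, sample paths and sample values are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption (not stated on the page): elemid carries a plain numeric id.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
TARGET_SCRIPT = "viewcat.php"
TARGET_PARAM = "elemid"


def check_request(method, url, body):
    """Return (allowed, reason) for one request with a urlencoded body."""
    # Match the script as any path segment so trailing path info is covered.
    segments = unquote(urlsplit(url).path).lower().split("/")
    if method.upper() != "POST" or TARGET_SCRIPT not in segments:
        return True, "out of scope"
    # parse_qsl percent-decodes once, so encoded values are judged decoded.
    fields = parse_qsl(body, keep_blank_values=True)
    hits = [(k, v) for k, v in fields if k.split("[", 1)[0] == TARGET_PARAM]
    if not hits:
        return True, "elemid absent"
    if len(hits) > 1:
        return False, "repeated elemid"
    key, value = hits[0]
    if key != TARGET_PARAM:
        return False, "array-style elemid"
    if not NUMERIC_ID.fullmatch(value):
        return False, "non-numeric elemid"
    return True, "numeric elemid"


# Constructed sample requests; paths and values are illustrative only.
SAMPLES = [
    ("POST", "/erp/viewcat.php?type=0", "elemid=42&id=7"),
    ("POST", "/erp/viewcat.php", "elemid=12%20OR%201%3D1"),
    ("POST", "/erp/viewcat.php", "elemid=1&elemid=2"),
    ("POST", "/erp/viewcat.php", "elemid[]=1"),
    ("POST", "/erp/VIEWCAT.php/extra", "elemid=1%27"),
    ("GET", "/erp/index.php", ""),
]


def run_samples():
    return [check_request(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(verdict, sample)
```

A filter like this narrows exposure only for the one parameter named in the description; the underlying query remains unfixed until the vendor ships a patch.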