CVE-2019-25452
PUBLISHED
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
EPSS 0.13% · 32.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dolibarr | 0, 3.5.7+dfsg1-1, 3.5.8+dfsg1-1 |
Exploit Intelligence
- https://www.exploit-db.com/exploits/47362 (nist-nvd)
- CIRCL seen: CVE-2019-25452 (circl-sighting)
- VulnCheck Advisory: Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid (circl)
Timeline
- Feb 22, 2026 CVE Published
- Feb 23, 2026 EPSS Score
- Feb 25, 2026 EPSS Score
- Feb 26, 2026 EPSS Score
- Feb 28, 2026 EPSS Score
- Mar 1, 2026 EPSS Score
- Mar 1, 2026 PoC Published
- Mar 3, 2026 EPSS Score
- Mar 5, 2026 EPSS Score
- Mar 6, 2026 EPSS Score
- Mar 8, 2026 EPSS Score
- Mar 10, 2026 EPSS Score
References
- https://www.exploit-db.com/exploits/47362 third-party-advisory
- https://ubuntu.com/security/CVE-2019-25452 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-25452 third-party-advisory
- https://www.vulncheck.com/advisories/dolibarr-erpcrm-sql-injection-via-elemid third-party-advisory