Vulnerabilities ›

CVE-2019-25450

High ⚡ Exploit Available

CWE-89 — Weakness Type

                    Published: Feb 22, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.1

🔗 NVD Official

📄 Description (English)

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques.

🤖 AI Executive Summary

Dolibarr ERP/CRM 10.0.1 contains multiple authenticated SQL injection vulnerabilities in card.php endpoints that allow attackers to extract sensitive database information. With exploit code publicly available and affecting a widely-deployed ERP/CRM platform used across Saudi enterprises, this poses significant risk to organizational data confidentiality. Immediate patching is critical for all Saudi organizations running affected versions.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 9, 2026 08:36

🇸🇦 Saudi Arabia Impact Assessment

High impact on Saudi financial institutions, government agencies, and healthcare organizations using Dolibarr for ERP/CRM operations. Banking sector (SAMA-regulated entities) faces critical risk of unauthorized access to customer financial data and transaction records. Government agencies and municipalities using Dolibarr for procurement and HR systems risk exposure of sensitive administrative data. Healthcare providers risk patient data breaches. Energy sector (ARAMCO contractors) and telecom companies (STC, Mobily) using Dolibarr for supply chain management face operational disruption and data theft. SMEs across all sectors represent the largest vulnerable population in Saudi Arabia.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare and Medical Services Energy and Utilities Telecommunications Manufacturing and Industrial Retail and E-commerce Education Small and Medium Enterprises (SMEs)

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1110 - Brute Force T1040 - Network Sniffing T1557 - Man-in-the-Middle T1005 - Data from Local System T1213 - Data from Information Repositories T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Dolibarr instances running version 10.0.1 across your organization

2. Restrict database user permissions to principle of least privilege - remove unnecessary SELECT, INSERT, UPDATE, DELETE permissions

3. Implement Web Application Firewall (WAF) rules to block SQL injection patterns in POST parameters (actioncode, demand_reason_id, availability_id)

4. Enable database query logging and monitoring for suspicious SQL patterns

5. Review database access logs for unauthorized queries executed in past 90 days

PATCHING GUIDANCE:

1. Upgrade Dolibarr to version 10.0.2 or later immediately

2. Test patches in staging environment before production deployment

3. Backup all databases before applying patches

4. Schedule patching during maintenance windows to minimize business disruption

COMPENSATING CONTROLS (if immediate patching not possible):

1. Implement input validation and parameterized queries at application level

2. Use database activity monitoring (DAM) solutions to detect anomalous queries

3. Restrict network access to Dolibarr application to authorized users only

4. Implement multi-factor authentication for all Dolibarr user accounts

5. Disable unused card.php endpoints if not required for business operations

DETECTION RULES:

1. Monitor for SQL keywords in POST parameters: UNION, SELECT, INSERT, DELETE, DROP, EXEC

2. Alert on time-based delays in database responses (SLEEP, WAITFOR commands)

3. Track failed database authentication attempts and permission errors

4. Monitor for unusual database user activity outside normal business hours

5. Implement SIEM rules to correlate multiple failed SQL injection attempts from same source IP

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع نسخ Dolibarr التي تعمل بالإصدار 10.0.1 في جميع أنحاء المنظمة

2. تقييد أذونات مستخدم قاعدة البيانات لمبدأ أقل امتياز - إزالة أذونات SELECT و INSERT و UPDATE و DELETE غير الضرورية

3. تنفيذ قواعد جدار حماية تطبيقات الويب (WAF) لحجب أنماط حقن SQL في معاملات POST

4. تفعيل تسجيل المراقبة لاستعلامات قاعدة البيانات والبحث عن أنماط SQL المريبة

5. مراجعة سجلات الوصول إلى قاعدة البيانات للاستعلامات غير المصرح بها المنفذة في آخر 90 يوماً



إرشادات التصحيح:

1. ترقية Dolibarr إلى الإصدار 10.0.2 أو أحدث فوراً

2. اختبار التصحيحات في بيئة التجريب قبل نشرها في الإنتاج

3. عمل نسخة احتياطية من جميع قواعد البيانات قبل تطبيق التصحيحات

4. جدولة التصحيحات خلال نوافذ الصيانة لتقليل انقطاع الأعمال



الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):

1. تنفيذ التحقق من صحة المدخلات والاستعلامات المعاملة على مستوى التطبيق

2. استخدام حلول مراقبة نشاط قاعدة البيانات (DAM) للكشف عن الاستعلامات الشاذة

3. تقييد الوصول إلى شبكة تطبيق Dolibarr للمستخدمين المصرح لهم فقط

4. تنفيذ المصادقة متعددة العوامل لجميع حسابات مستخدمي Dolibarr

5. تعطيل نقاط نهاية card.php غير المستخدمة إذا لم تكن مطلوبة للعمليات التجارية



قواعد الكشف:

1. مراقبة كلمات SQL الرئيسية في معاملات POST: UNION و SELECT و INSERT و DELETE و DROP و EXEC

2. التنبيه على التأخيرات المستندة إلى الوقت في استجابات قاعدة البيانات

3. تتبع محاولات المصادقة الفاشلة وأخطاء الأذونات في قاعدة البيانات

4. مراقبة نشاط مستخدم قاعدة البيانات غير العادي خارج ساعات العمل العادية

5. تنفيذ قواعد SIEM لربط محاولات حقن SQL المتعددة الفاشلة من نفس عنوان IP

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Information security requirements for supplier relationships ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.5 - Addressing information security in supplier agreements ECC 2024 A.12.3.1 - Configuration management

🔵 SAMA CSF

SAMA CSF ID.GV-1 - Organizational context and governance SAMA CSF PR.DS-6 - Data is protected from unauthorized access SAMA CSF DE.CM-1 - The network is monitored to detect potential cybersecurity events SAMA CSF RS.MI-2 - Incidents are mitigated

🟡 ISO 27001:2022

ISO 27001:2022 A.5.23 - Information security for supplier relationships ISO 27001:2022 A.8.1 - Organizational controls ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.14.2.1 - Supplier security requirements

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Ensure all system components and software are protected from known vulnerabilities PCI DSS 6.5.1 - Injection flaws prevention PCI DSS 11.2 - Run automated vulnerability scanning tools

🔗 References & Sources 2

🔗

https://www.exploit-db.com/exploits/47370

disclosure@vulncheck.com

Exploit VDB Entry

🔗

https://www.vulncheck.com/advisories/dolibarr-erpcrm-sql-injection-via-cardphp

disclosure@vulncheck.com

Broken Link

📦 Affected Products / CPE 1 entries

dolibarr:dolibarr_erp\/crm:10.0.1

📊 CVSS Score

7.1

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.1

CWECWE-89

EPSS0.04%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-02-22

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

exploit-available CWE-89

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2019-25450

💬 Comments

Introduce Yourself

Sign In Required