SQL Injection Affecting dolibarr/dolibarr package, versions <8.0.5

Q: How to fix?

Upgrade dolibarr/dolibarr to version 8.0.5 or higher.

Threat Intelligence

0.03% (9^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about SQL Injection vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-PHP-DOLIBARRDOLIBARR-15992194
published12 Apr 2026
disclosed12 Apr 2026
creditMehmet Onder Key

Report a new vulnerability Found a mistake?

Introduced: 12 Apr 2026

NewCVE-2019-25710 (opens in a new tab) CWE-89 (opens in a new tab)

How to fix?

Upgrade dolibarr/dolibarr to version 8.0.5 or higher.

Overview

dolibarr/dolibarr is a modern and easy to use web software to manage your business.

Affected versions of this package are vulnerable to SQL Injection via the rowid parameter in the admin/dict.php process. An attacker can access sensitive database information and partially modify data by injecting crafted SQL statements.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
Low
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None