CVE-2012-1225

Dolibarr < 3.2.0 - Authenticated SQL Injection via Memberslist or Rowid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1225. PoCs published by Benjamin Kunz Mejri.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Dolibarr 3.2.0 Alpha, where the 'rowid' parameter in the URL is not properly sanitized. It includes a basic example of an exploit URL but lacks actual exploit code.

Description

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Benjamin Kunz Mejri · textwebappsphp
https://www.exploit-db.com/exploits/36683

The provided text describes an SQL injection vulnerability in Dolibarr 3.2.0 Alpha, where the 'rowid' parameter in the URL is not properly sanitized. It includes a basic example of an exploit URL but lacks actual exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Dolibarr 3.2.0 Alpha
No auth needed
Prerequisites: Access to the vulnerable URL endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47969
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-02/0056.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51956
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/79011

Scores

EPSS 0.0258
EPSS Percentile 83.2%

Details

CWE
CWE-89
Status published
Products (12)
dolibarr/dolibarr_erp\/crm 2.5.0
dolibarr/dolibarr_erp\/crm 2.6.0
dolibarr/dolibarr_erp\/crm 2.6.1
dolibarr/dolibarr_erp\/crm 2.7.0
dolibarr/dolibarr_erp\/crm 2.7.1
dolibarr/dolibarr_erp\/crm 2.8.0
dolibarr/dolibarr_erp\/crm 2.8.1
dolibarr/dolibarr_erp\/crm 2.9.0
dolibarr/dolibarr_erp\/crm 3.0.0
dolibarr/dolibarr_erp\/crm 3.0.1
... and 2 more
Published Feb 21, 2012
Tracked Since Feb 18, 2026