{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34036", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T15:29:04.744Z", "datePublished": "2026-03-31T01:39:38.178Z", "dateUpdated": "2026-03-31T13:57:45.230Z"}, "containers": {"cna": {"title": "Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "lang": "en", "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r"}, {"name": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a", "tags": ["x_refsource_MISC"], "url": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a"}], "affected": [{"vendor": "Dolibarr", "product": "dolibarr", "versions": [{"version": "<= 22.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T01:39:38.178Z"}, "descriptions": [{"lang": "en", "value": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs\u2026). At time of publication, there are no publicly available patches."}], "source": {"advisory": "GHSA-2mfj-r695-5h9r", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T13:57:14.553725Z", "id": "CVE-2026-34036", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:57:45.230Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34036", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T13:57:14.553725Z"}}}], "references": [{"url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:57:07.139Z"}}], "cna": {"title": "Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php", "source": {"advisory": "GHSA-2mfj-r695-5h9r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Dolibarr", "product": "dolibarr", "versions": [{"status": "affected", "version": "<= 22.0.4"}]}], "references": [{"url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "name": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a", "name": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs\u2026). At time of publication, there are no publicly available patches."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T01:39:38.178Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34036", "state": "PUBLISHED", "dateUpdated": "2026-03-31T13:57:45.230Z", "dateReserved": "2026-03-25T15:29:04.744Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T01:39:38.178Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BAE3269-374D-425C-B943-C4DA4494F7BF", "versionEndIncluding": "22.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs\u2026). At time of publication, there are no publicly available patches."}, {"lang": "es", "value": "Dolibarr es un paquete de software de planificaci\u00f3n de recursos empresariales (ERP) y gesti\u00f3n de relaciones con clientes (CRM). En las versiones 22.0.4 y anteriores, existe una vulnerabilidad de inclusi\u00f3n local de ficheros (LFI) en el endpoint AJAX principal /core/ajax/selectobject.php. Al manipular el par\u00e1metro objectdesc y explotar un fallo l\u00f3gico de 'fail-open' en la funci\u00f3n de control de acceso principal restrictedArea(), un usuario autenticado sin privilegios espec\u00edficos puede leer el contenido de ficheros no PHP arbitrarios en el servidor (como .env, .htaccess, copias de seguridad de configuraci\u00f3n o registros...). En el momento de la publicaci\u00f3n, no hay parches disponibles p\u00fablicamente."}], "id": "CVE-2026-34036", "lastModified": "2026-04-03T16:54:36.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T03:15:57.710", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}