{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34036", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T15:29:04.744Z", "datePublished": "2026-03-31T01:39:38.178Z", "dateUpdated": "2026-03-31T13:57:45.230Z"}, "containers": {"cna": {"title": "Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "lang": "en", "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r"}, {"name": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a", "tags": ["x_refsource_MISC"], "url": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a"}], "affected": [{"vendor": "Dolibarr", "product": "dolibarr", "versions": [{"version": "<= 22.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T01:39:38.178Z"}, "descriptions": [{"lang": "en", "value": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs\u2026). At time of publication, there are no publicly available patches."}], "source": {"advisory": "GHSA-2mfj-r695-5h9r", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T13:57:14.553725Z", "id": "CVE-2026-34036", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:57:45.230Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34036", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T13:57:14.553725Z"}}}], "references": [{"url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:57:07.139Z"}}], "cna": {"title": "Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php", "source": {"advisory": "GHSA-2mfj-r695-5h9r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Dolibarr", "product": "dolibarr", "versions": [{"status": "affected", "version": "<= 22.0.4"}]}], "references": [{"url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "name": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a", "name": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs\u2026). At time of publication, there are no publicly available patches."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T01:39:38.178Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34036", "state": "PUBLISHED", "dateUpdated": "2026-03-31T13:57:45.230Z", "dateReserved": "2026-03-25T15:29:04.744Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T01:39:38.178Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs\u2026). At time of publication, there are no publicly available patches."}, {"lang": "es", "value": "Dolibarr es un paquete de software de planificaci\u00f3n de recursos empresariales (ERP) y gesti\u00f3n de relaciones con clientes (CRM). En las versiones 22.0.4 y anteriores, existe una vulnerabilidad de inclusi\u00f3n local de ficheros (LFI) en el endpoint AJAX principal /core/ajax/selectobject.php. Al manipular el par\u00e1metro objectdesc y explotar un fallo l\u00f3gico de 'fail-open' en la funci\u00f3n de control de acceso principal restrictedArea(), un usuario autenticado sin privilegios espec\u00edficos puede leer el contenido de ficheros no PHP arbitrarios en el servidor (como .env, .htaccess, copias de seguridad de configuraci\u00f3n o registros...). En el momento de la publicaci\u00f3n, no hay parches disponibles p\u00fablicamente."}], "id": "CVE-2026-34036", "lastModified": "2026-03-31T15:16:16.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T03:15:57.710", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a"}, {"source": "security-advisories@github.com", "url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,22.0.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "dolibarr", "source": "cna", "vendor": "Dolibarr"}, "product": "dolibarr", "vendor": "dolibarr"}], "analysis": {"en": {"generated_at": "2026-03-31T05:24:06.056957+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s patch as soon as it is released.", "If a patch is unavailable, restrict or disable the selectobject.php endpoint for unauthenticated users, and limit authenticated access to trusted accounts.", "Implement file access controls to prevent browsing of sensitive directories, such as .env and backup folders.", "Use a web application firewall or intrusion detection system to block suspicious requests containing the objectdesc parameter.", "If unable to change configuration, monitor logs for unexpected access to server files."], "summary": {"action": "Seek Patch", "impact": "Sensitive Data Exposure via Local File Inclusion"}, "threat_synthesis": {"affected_systems": "The affected product is Dolibarr, an enterprise resource planning and customer\u2011relationship\u2011management suite. Versions 22.0.4 and all earlier releases are vulnerable.", "description_and_impact": "Dolibarr versions 22.0.4 and earlier contain a local file inclusion flaw in the AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail\u2011open logic bug in the access control function, an attacker who is authenticated but has no special privileges can read arbitrary non\u2011PHP files on the server, such as .env, .htaccess, backup configurations or log files. This vulnerability leaks confidential data but does not provide code execution or direct system compromise.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate impact. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. The attack requires user authentication, so the risk is confined to accounts that have legitimate access; however, any authenticated user could exploit the flaw to obtain sensitive configuration files. In the absence of a public exploit, the risk is that an attacker can exfiltrate sensitive data, potentially exposing credentials or business secrets."}}}}, "created": "2026-03-31T19:56:28.596019+00:00", "updated": "2026-03-31T20:39:39.185456+00:00", "vendors": ["dolibarr", "dolibarr$PRODUCT$dolibarr"]}