Nixpkgs security tracker

Untriaged

Permalink CVE-2026-34036

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 2 weeks, 3 days ago

Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs…). At time of publication, there are no publicly available patches.

References

https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r exploitx_refsource_CONFIRM
https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a x_refsource_MISC

Affected products

dolibarr

==<= 22.0.4

Matching in nixpkgs

pkgs.dolibarr

Enterprise resource planning (ERP) and customer relationship manager (CRM) server

nixos-unstable 23.0.0
- nixpkgs-unstable 23.0.0
- nixos-unstable-small 23.0.0
nixos-25.11 22.0.4
- nixos-25.11-small 22.0.4
- nixpkgs-25.11-darwin 22.0.4

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.dolibarr

Package maintainers