Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization_CVE-2026-11619

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.

Basic Information

ID CVE-2026-11619

Source VulDB

Published Jun 9, 2026 at 02:30

Affected Product

Vendor Dolibarr

Product ERP CRM

Version 23.0.0

Affected Versions Dolibarr ERP CRM 23.0.0
Dolibarr ERP CRM 23.0.1
Dolibarr ERP CRM 23.0.2

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.",
    "published": "2026-06-09T02:30:12.759Z",
    "modified": "2026-06-09T02:30:12.759Z",
    "type": "cve",
    "title": "Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369300\nhttps://vuldb.com/vuln/369300/cti\nhttps://vuldb.com/cve/CVE-2026-11619\nhttps://vuldb.com/submit/834038\nhttps://github.com/dolibarr/dolibarr/commit/f1b2dd6481e22cacb561d29ffdcd3a50b618479d\nhttps://github.com/Dolibarr/dolibarr/releases/tag/23.0.3",
    "id": "CVE-2026-11619",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Dolibarr ERP CRM 23.0.0\nDolibarr ERP CRM 23.0.1\nDolibarr ERP CRM 23.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ERP CRM",
    "version": "23.0.0",
    "vendor": "Dolibarr",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}