CVE-2026-11619 · MEDIUM · RCE · ⚠ Unpatched · Zero-day · ◉ PoC public · Lifecycle 4/7

Dolibarr ERP CRM up to 23.0.2 Legacy Filemanager config.inc.php improper authorization

ERP CRM 26d ago Impact pending confirmation
5.7 CVSS
Vulnerability Description
A vulnerability classified as critical was found in Dolibarr ERP CRM up to 23.0.2 (enterprise resource planning software). It affects an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php in the Legacy Filemanager component. Upgrading to version 23.0.3 eliminates this vulnerability; the upgrade is available for download at github.com. Applying the patch f1b2dd6481e22cacb561d29ffdcd3a50b618479d also eliminates the problem; the bugfix is available for download at github.com. The suggested mitigation is to upgrade to the latest version.
Root Cause Analysis
The issue is classified as CWE-285 (Improper Authorization): the product does not perform, or incorrectly performs, an authorization check when an actor attempts to access a resource or perform an action.

Impact: Confidentiality, integrity, and availability are affected.

Exploit: The exploit is declared as proof-of-concept. Searching for inurl:htdocs/core/filemanagerdol/connectors/php/config.inc.php makes it possible to find vulnerable targets with Google Hacking.

Countermeasure: Upgrading to version 23.0.3 eliminates this vulnerability; the upgrade is available for download at github.com. Applying the patch f1b2dd6481e22cacb561d29ffdcd3a50b618479d also eliminates the problem; the bugfix is available for download at github.com. The suggested mitigation is to upgrade to the latest version.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

CVE-2026-11619 · CVSS 5.7 · Active Threat