Dolibarr ERP CRM Improper Authorization Vulnerability in Legacy Filemanager Component

Vulnerability

An improper authorization vulnerability has been identified in Dolibarr ERP CRM versions prior to 23.0.2. The issue resides in an unknown function within the file 'htdocs/core/filemanagerdol/connectors/php/config.inc.php', part of the Legacy Filemanager component. The vulnerability is remotely exploitable because the affected function can be reached without proper authorization. A public exploit is available.

Impact

Exploitation of this vulnerability could lead to unauthorized access or actions within the application, potentially allowing an attacker to manipulate files or data through the compromised filemanager component.

Remediation

Users can upgrade to Dolibarr ERP CRM version 23.0.3 to address this vulnerability; the patch is included in that release.

Added: Jun 9, 2026, 3:24 AM
Updated: Jun 9, 2026, 3:24 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 5.0
exploitability: 8.0
remediation: 7.7
relevance: 9.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.