CVE-2026-11619

Severity: Medium (CVSS v3.1 base score 6.3)
Weakness type: CWE-266 (Incorrect Privilege Assignment)
Published: Jun 9, 2026  ·  Modified: Jun 9, 2026  ·  Source: NVD
📄 Description (English)

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.

🤖 AI Executive Summary

Dolibarr ERP CRM up to and including 23.0.2 contains an improper authorization flaw (CWE-266) in the Legacy Filemanager component, located in htdocs/core/filemanagerdol/connectors/php/config.inc.php. The flaw is reachable over the network, but the CVSS vector (PR:L) indicates the attacker needs a valid low-privileged Dolibarr account; with one, the component's authorization checks can be bypassed. A public exploit exists. A fix is available: upgrade to 23.0.3 or later, or apply commit f1b2dd6481e22cacb561d29ffdcd3a50b618479d from the official repository. Organizations that cannot upgrade immediately should restrict access to the legacy file manager path in the meantime.

🤖 AI Intelligence Analysis (analyzed Jun 9, 2026 07:30)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations using Dolibarr ERP CRM, particularly in: (1) Government agencies and municipalities relying on Dolibarr for document and resource management; (2) Small to medium-sized enterprises (SMEs) in retail, manufacturing, and services sectors; (3) Healthcare facilities using Dolibarr for administrative and inventory management; (4) Educational institutions managing institutional resources. The improper authorization flaw could allow unauthorized access to sensitive business documents, financial records, and confidential data, directly impacting compliance with NCA ECC 2024 and SAMA CSF requirements for access control and data protection.
🏢 Affected Saudi Sectors
Government and Public Administration; Small and Medium Enterprises (SMEs); Healthcare and Medical Facilities; Education and Universities; Retail and E-commerce; Manufacturing; Professional Services
⚖️ Saudi Risk Score (AI): 6.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory every Dolibarr ERP CRM instance and record its version (defined as DOL_VERSION in htdocs/filefunc.inc.php); any instance at 23.0.2 or earlier is affected.
2. Restrict access, at the WAF or web server, to the whole legacy file manager directory core/filemanagerdol/ (the connectors/php/ scripts included), not only config.inc.php: that file is an include loaded by the connector scripts rather than the endpoint a client requests, so a rule that matches only its name will not see the attack traffic. The htdocs/ prefix is the source-tree path; in URLs it is absent when htdocs is the document root and present when the whole tree sits under the web root, so match on the core/filemanagerdol/ substring rather than on a fixed absolute path.
3. Allowlist source IP ranges for administrative access to Dolibarr instances.
4. Review web server access logs and Dolibarr's security audit events for requests to the Legacy Filemanager component from addresses or accounts with no business need for it. Because the CVSS vector requires low privileges (PR:L), also review which accounts can log in at all and disable stale or shared low-privilege accounts.

PATCHING GUIDANCE:
1. Upgrade to Dolibarr 23.0.3 or later; the NVD description states that this release resolves the issue.
2. Where an upgrade must wait, apply commit f1b2dd6481e22cacb561d29ffdcd3a50b618479d from the official Dolibarr repository and confirm afterwards that the deployed config.inc.php contains the change.
3. Test the upgrade or patch in a non-production environment before deployment.
4. Back up the database and the documents directory (DOL_DATA_ROOT) before patching.

COMPENSATING CONTROLS (until the upgrade is deployed):
1. If no workflow depends on the Legacy Filemanager, block the core/filemanagerdol/ directory at the web server (return 403).
2. Put that directory behind a second authentication layer at the reverse proxy (HTTP basic auth or client certificates in nginx or Apache) in addition to Dolibarr's own login.
3. Deploy WAF rules that allow requests to core/filemanagerdol/ only from allowlisted networks and block everything else; rules keyed only on config.inc.php are not sufficient.
4. Enable file integrity monitoring (FIM) on htdocs/core/filemanagerdol/ and on the documents directory to catch unexpected changes to the connector scripts or files written through them.
5. If the file manager is unused, deny PHP execution for that directory at the web server; filesystem permissions alone do not help, because the PHP interpreter runs as the web server user.
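The inventory, patch-level and web-server restriction steps above, as an added shell example that is not Dolibarr project code and not part of the original advisory. It assumes the version constant lives in htdocs/filefunc.inc.php as define('DOL_VERSION', '...'), an nginx front end with php-fpm, and placeholder values for the admin network (10.0.0.0/8), the htpasswd file and the php-fpm socket; the function names (vercmp, dolibarr_version, dolibarr_needs_upgrade, nginx_filemanagerdol_restriction) are this example's own.

```shell
#!/bin/sh
# Added example (not Dolibarr project code): inventory Dolibarr trees for
# CVE-2026-11619 and emit an nginx rule confining the legacy file manager.

FIXED_VERSION=23.0.3   # first release the NVD description names as fixed

# Compare two dotted versions; prints -1, 0 or 1 for a<b, a=b, a>b.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ "$a" = "$ai" ] && a="" || a="${a#*.}"
        [ "$b" = "$bi" ] && b="" || b="${b#*.}"
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then echo -1; return 0; fi
        if [ "$ai" -gt "$bi" ]; then echo 1; return 0; fi
    done
    echo 0
}

# Read the installed version from a Dolibarr tree. Assumption: the constant is
# defined in htdocs/filefunc.inc.php as define('DOL_VERSION', '23.0.2');
# a pre-release suffix such as -alpha is dropped.
dolibarr_version() {
    f="$1/htdocs/filefunc.inc.php"
    [ -r "$f" ] || return 1
    sed -n '/define(.DOL_VERSION/{s/.*DOL_VERSION[^0-9]*\([0-9][0-9.]*\).*/\1/p;q;}' "$f"
}

# True (exit 0) when the tree at $1 is still on a version before the fix.
dolibarr_needs_upgrade() {
    v=$(dolibarr_version "$1" || true)
    if [ -z "$v" ]; then
        echo "$1: no Dolibarr tree found" >&2
        return 2
    fi
    if [ "$(vercmp "$v" "$FIXED_VERSION")" -lt 0 ]; then
        echo "$1: $v VULNERABLE (upgrade to $FIXED_VERSION or later)"
        return 0
    fi
    echo "$1: $v ok"
    return 1
}

# Emit an nginx location block for the legacy file manager scripts:
#   "$1" = allowed client network (CIDR), "$2" = php-fpm socket,
#   or "$1" = off to refuse the directory outright when it is not used.
# The CIDR, htpasswd path and socket below are placeholders.
nginx_filemanagerdol_restriction() {
    if [ "$1" = off ]; then
        printf 'location ~ /core/filemanagerdol/ { return 403; }\n'
        return 0
    fi
    cidr="${1:-10.0.0.0/8}"
    fpm="${2:-unix:/run/php/php-fpm.sock}"
    cat <<EOF
# Put this BEFORE the generic PHP location: nginx uses the first regex
# location that matches, so this block must hand the script to php-fpm itself.
# Matching the substring works whether htdocs is the document root
# (/core/filemanagerdol/...) or sits below it (/dolibarr/htdocs/core/...).
location ~ /core/filemanagerdol/.*\.php\$ {
    allow $cidr;
    deny all;
    auth_basic "Dolibarr legacy file manager";
    auth_basic_user_file /etc/nginx/filemanagerdol.htpasswd;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
    fastcgi_pass $fpm;
}
EOF
}

# Usage: sh dolibarr_check.sh /var/www/dolibarr [/srv/other/dolibarr ...]
for d in "$@"; do
    dolibarr_needs_upgrade "$d" || true
done
```

With nginx's default `satisfy all`, a client must both come from the allowed network and present valid basic-auth credentials; use `satisfy any` if either alone is acceptable. The Apache equivalent is a `<LocationMatch "/core/filemanagerdol/">` block with `Require ip` and `AuthType Basic`.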

DETECTION RULES:
1. Alert on any HTTP request whose path contains core/filemanagerdol/ from outside the allowlisted networks, and on direct requests to *.inc.php files in that directory, which the legitimate UI never fetches.
2. Alert on file manager requests by accounts that have never used it before, correlating the web server access log with Dolibarr's security audit events.
3. Track failed logins followed by a successful login and then file manager activity from the same address: the vector requires a valid low-privileged account, so a compromised ordinary user account is the entry point.
4. Monitor for files appearing in unexpected locations under the documents directory or htdocs, and for privilege changes in Dolibarr's audit events.
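Detection rules 1 and 3 above, as an added example that is not part of the original page: a shell/awk script run over web-server access log lines in combined log format. The log lines, client addresses, script names and query strings in the sample are constructed for illustration, the allowlist prefix "10." is an assumption, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not Dolibarr code): spot use of the legacy file manager in
# web-server access logs. Sample lines below are constructed; the query
# strings are illustrative only.

SAMPLE_LOG='10.1.2.3 - - [09/Jun/2026:08:01:12 +0300] "GET /core/filemanagerdol/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.1.2.3 - - [09/Jun/2026:08:01:15 +0300] "GET /core/filemanagerdol/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [09/Jun/2026:08:02:01 +0300] "GET /index.php?mainmenu=home HTTP/1.1" 200 7100 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jun/2026:08:05:40 +0300] "GET /dolibarr/htdocs/core/filemanagerdol/connectors/php/connector.php?Command=CreateFolder&Type=File&CurrentFolder=/&NewFolderName=x HTTP/1.1" 200 300 "-" "python-requests/2.32"
203.0.113.7 - - [09/Jun/2026:08:05:41 +0300] "POST /dolibarr/htdocs/core/filemanagerdol/connectors/php/upload.php?Type=File&CurrentFolder=/x/ HTTP/1.1" 200 210 "-" "python-requests/2.32"
10.1.2.4 - - [09/Jun/2026:08:07:03 +0300] "GET /core/filemanagerdol/connectors/php/config.inc.php HTTP/1.1" 200 0 "-" "curl/8.5.0"'

# Field 7 of a combined-format line is the request path (with query string).
# Key on client IP plus path without the query, count hits, busiest first.
# Matching the substring covers both URL layouts (htdocs as document root or
# the whole tree under the web root).
filemanagerdol_hits() {
    awk '$7 ~ /core\/filemanagerdol\// {
             split($7, p, "?"); n[$1 " " p[1]]++
         }
         END { for (k in n) print n[k], k }' | sort -rn
}

# Report hits from clients outside the address prefixes in $1 (space-separated,
# e.g. "10. 192.168."), which is where the file manager is expected to be used.
filemanagerdol_unexpected_clients() {
    allowed="$1"
    filemanagerdol_hits | while read -r count ip path; do
        ok=0
        for pfx in $allowed; do
            case "$ip" in "$pfx"*) ok=1 ;; esac
        done
        if [ "$ok" -eq 0 ]; then
            echo "ALERT $ip made $count request(s) to $path"
        fi
    done
}

# Direct requests to *.inc.php under the directory: those are include files
# the legitimate UI never fetches, so a hit on one is a probe, not normal use.
filemanagerdol_include_probes() {
    awk '$7 ~ /core\/filemanagerdol\/.*\.inc\.php/ { print "PROBE", $1, $7, "status", $9 }'
}

# Usage on a real log:
#   filemanagerdol_unexpected_clients "10. 192.168." < /var/log/nginx/access.log
printf '%s\n' "$SAMPLE_LOG" | filemanagerdol_hits
printf '%s\n' "$SAMPLE_LOG" | filemanagerdol_unexpected_clients "10."
printf '%s\n' "$SAMPLE_LOG" | filemanagerdol_include_probes
```

On the sample, the two 203.0.113.7 entries are flagged as unexpected clients and the direct request to config.inc.php is reported as a probe; the internal 10.1.2.3 browsing is counted but not alerted. Feed the real log through the same functions and pair the alerts with Dolibarr's audit events to identify the account behind each request.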
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
The identifiers listed here (A.9.1.1 Access control policy, A.9.2.1 User registration and de-registration, A.9.2.5 Review of user access rights, A.9.4.3 Password management system, A.14.2.1 Secure development policy) are ISO/IEC 27001:2013 Annex A control references, not NCA ECC control numbers; the page gives no ECC-specific control numbers for this finding.
🔵 SAMA CSF
The identifiers listed here (AC-2 Account Management, AC-3 Access Enforcement, AC-6 Least Privilege, SI-4 Information System Monitoring, AU-2 Audit Events) are NIST SP 800-53 control identifiers, not SAMA CSF control numbers; the page gives no SAMA CSF-specific control numbers for this finding.
🟡 ISO 27001:2022
The numbers originally listed (6.2, 6.3, 8.2.3, 8.3.2, 8.3.3) do not correspond to ISO/IEC 27001:2022 Annex A. The 2022 controls that cover this finding are 5.15 Access control, 5.18 Access rights, 8.2 Privileged access rights and 8.3 Information access restriction.
🟣 PCI DSS v4.0.1
Requirement 7 - Restrict access to system components and cardholder data by business need to know
Requirement 8 - Identify users and authenticate access to system components
📊 CVSS Score
6.3 / 10.0 (Medium)
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector (AV): N, Network
Attack Complexity (AC): L, Low
Privileges Required (PR): L, Low (a valid low-privileged Dolibarr account is needed)
User Interaction (UI): N, None
Scope (S): U, Unchanged
Confidentiality (C): L, Low
Integrity (I): L, Low
Availability (A): L, Low
📋 Quick Facts
Severity: Medium
CVSS Score: 6.3
CWE: CWE-266
EPSS: 0.04%
Exploit: Yes (the NVD description states a public exploit is available)
Patch: Yes (Dolibarr 23.0.3; commit f1b2dd6481e22cacb561d29ffdcd3a50b618479d)
Published: 2026-06-09
Source Feed: nvd
🇸🇦 Saudi Risk Score: 6.8 / 10.0 (priority: HIGH)
🏷️ Tags
CWE-266