EUVD-2026-35294

🗓️ 09 Jun 2026 02:30:12Reported by EUVDType

Dolibarr system legacy filemanager config.inc.php allows improper authorization; remote exploit; fixed in 23.0.3.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-11619	9 Jun 202602:30	–	attackerkb
CVE	CVE-2026-11619	9 Jun 202602:30	–	cve
Cvelist	CVE-2026-11619 Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization	9 Jun 202602:30	–	cvelist
NVD	CVE-2026-11619	9 Jun 202603:16	–	nvd
Positive Technologies	PT-2026-47631	9 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "9a0bb1aa-4423-341d-b861-c858e5b462b7",
        "vendor": {
          "name": "Dolibarr"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "6f65ba85-9a4a-35d9-b59e-d89db16366bb",
        "product": {
          "name": "ERP CRM",
          "vendor": {
            "name": "Dolibarr"
          }
        },
        "product_version": "23.0.2"
      },
      {
        "id": "b4ca128b-7f2a-3721-8df8-217e361f0ad6",
        "product": {
          "name": "ERP CRM",
          "vendor": {
            "name": "Dolibarr"
          }
        },
        "product_version": "23.0.1"
      },
      {
        "id": "e650af47-c1b3-3b4d-abfa-1cead5ac2eab",
        "product": {
          "name": "ERP CRM",
          "vendor": {
            "name": "Dolibarr"
          }
        },
        "product_version": "23.0.0"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/369300
vuldb	www.vuldb.com/vuln/369300/cti
vuldb	www.vuldb.com/cve/CVE-2026-11619
vuldb	www.vuldb.com/submit/834038
github	www.github.com/dolibarr/dolibarr/commit/f1b2dd6481e22cacb561d29ffdcd3a50b618479d
github	www.github.com/Dolibarr/dolibarr/releases/tag/23.0.3

09 Jun 2026 02:30Current

6.1Medium risk

Vulners AI Score6.1

CVSS 45.3

CVSS 3.16.3

CVSS 26.5

CVSS 36.3