Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

Authenticated Local File Inclusion LFI via selectobject.php leading to sensitive data disclosure Target Dolibarr Core Tested on version 22.0.4 Summary A Local File Inclusion LFI vulnerability has been discovered in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc...

GHSA-2MFJ-R695-5H9R Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

Authenticated Local File Inclusion LFI via selectobject.php leading to sensitive data disclosure Target Dolibarr Core Tested on version 22.0.4 Summary A Local File Inclusion LFI vulnerability has been discovered in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc...

PT-2026-28592

Name of the Vulnerable Software and Affected Versions Dolibarr versions 22.0.4 and earlier Description Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. A Local File Inclusion LFI vulnerability exists in the core AJAX endpoint...

CVE-2020-12669

core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...