Nixpkgs security tracker

Permalink CVE-2026-23500

updated 1 month, 1 week ago by @LeSuisse Activity log

Created suggestion 1 month, 1 week ago
@LeSuisse accepted 1 month, 1 week ago
@LeSuisse published on GitHub 1 month, 1 week ago

Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without sanitization. An authenticated administrator can inject arbitrary OS commands via this constant using command separators, achieving remote code execution as the web server user when any ODT template is generated. This issue has been fixed in version 23.0.0.

References

https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-w5j3-8fcr-h87w x_refsource_CONFIRM

Ignored references (1)

https://github.com/Dolibarr/dolibarr/releases/tag/23.0.0 x_refsource_MISC

Affected products

dolibarr

==< 23.0.0

Matching in nixpkgs

pkgs.dolibarr

Enterprise resource planning (ERP) and customer relationship manager (CRM) server

nixos-unstable 23.0.2
- nixpkgs-unstable 23.0.2
- nixos-unstable-small 23.0.2
nixos-25.11 22.0.4
- nixos-25.11-small 22.0.4
- nixpkgs-25.11-darwin 22.0.4

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Permalink CVE-2026-34036

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 3 weeks ago
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse published on GitHub 1 month, 3 weeks ago

Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs…). At time of publication, there are no publicly available patches.

References

https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r x_refsource_CONFIRMexploit
https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a x_refsource_MISC

Affected products

dolibarr

==<= 22.0.4

Matching in nixpkgs

pkgs.dolibarr

Enterprise resource planning (ERP) and customer relationship manager (CRM) server

nixos-unstable 23.0.0
- nixpkgs-unstable 23.0.0
- nixos-unstable-small 23.0.0
nixos-25.11 22.0.4
- nixos-25.11-small 22.0.4
- nixpkgs-25.11-darwin 22.0.4

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Advisory: https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r
Patch: https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.dolibarr

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.dolibarr

Package maintainers