Share
## https://sploitus.com/exploit?id=7BB10CE1-8ACF-514B-98DE-41805062E2C6
# CVE-2026-34036

Proof-of-concept script for **CVE-2026-34036**, an **authenticated local file inclusion / LFI** in Dolibarr.

The issue is reachable through `core/ajax/selectobject.php`. An authenticated user can abuse the `objectdesc` parameter to make the application read arbitrary local files on the server.

This repository contains a simple script that logs into Dolibarr, triggers the vulnerable endpoint, and prints the contents of the requested file.

Read the full report here: [full write-up on my website](https://cnf409.me/posts/2026/03/cve-2026-34036-when-your-crms-autocomplete-reads-more-than-it-should/#required-conditions)

## Requirements

- Python 3
- `requests`
- Valid Dolibarr credentials

Install the dependency if needed:

```bash
python3 -m pip install requests
```

## Usage

Run the script with the target URL, a valid username/password, and the file you want to read:

```bash
python3 CVE-2026-34036.py \
  --url http://127.0.0.1:8080 \
  --username admin \
  --password admin \
  --file conf/.htaccess
```

## Notes

- The vulnerability requires authentication.
- The file path is relative to the Dolibarr web root as used by the vulnerable endpoint.
- The script trims common PHP warning/fatal error noise from the response output.

## Disclaimer

This PoC is provided for **educational and authorized security testing purposes only**. Do not use it against systems you do not own or do not have explicit permission to test.