## https://sploitus.com/exploit?id=7BB10CE1-8ACF-514B-98DE-41805062E2C6
# CVE-2026-34036
Proof-of-concept script for **CVE-2026-34036**, an **authenticated local file inclusion / LFI** in Dolibarr.
The issue is reachable through `core/ajax/selectobject.php`. An authenticated user can abuse the `objectdesc` parameter to make the application read arbitrary local files on the server.
This repository contains a simple script that logs into Dolibarr, triggers the vulnerable endpoint, and prints the contents of the requested file.
Read the full report here: [full write-up on my website](https://cnf409.me/posts/2026/03/cve-2026-34036-when-your-crms-autocomplete-reads-more-than-it-should/#required-conditions)
## Requirements
- Python 3
- `requests`
- Valid Dolibarr credentials
Install the dependency if needed:
```bash
python3 -m pip install requests
```
## Usage
Run the script with the target URL, a valid username/password, and the file you want to read:
```bash
python3 CVE-2026-34036.py \
--url http://127.0.0.1:8080 \
--username admin \
--password admin \
--file conf/.htaccess
```
## Notes
- The vulnerability requires authentication.
- The file path is relative to the Dolibarr web root as used by the vulnerable endpoint.
- The script trims common PHP warning/fatal error noise from the response output.
## Disclaimer
This PoC is provided for **educational and authorized security testing purposes only**. Do not use it against systems you do not own or do not have explicit permission to test.