GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HTeclib Edition Glpi
APPTeclib-Edition11.0.0 – 11.0.5 (bez)
Related vulnerabilities
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0....
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0....
RCE przez tworzenie dropdownów w pluginie Fields dla GLPI
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing...
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via contai...