CVE-2020-15175— GLPI 安全漏洞

Unauthenticated File Deletion in GLPI

In GLPI before version 9.5.2, the `​pluginimage.send.php​` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

对外部实体的文件或目录可访问

GLPI 安全漏洞

GLPI是个人开发者的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口，你可以用它来建立数据库全面管理IT的电脑，显示器，服务器，打印机，网络设备，电话，甚至硒鼓和墨盒等。 GLPI 9.5.2之前版本存在安全漏洞，该漏洞源于?pluginimage.send.php?端点允许用户指定一个图像从一个插件。可以恶意构造的参数而不是删除的。htaccess文件文件目录。任何用户就能够阅读所有的文件和文件夹包含在文件“/ /”。一些敏感信息的泄露用户会话,日志等等。攻击者可利用该漏洞能够获得管理

N/A

N/A