Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15175

In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.

Published

2020-10-07T19:15:12.627

Last Modified

2024-11-21T05:05:00.463

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-552
Type: Primary
CWE-552

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	glpi-project	glpi	< 9.5.2	Yes

References

https://github.com/glpi-project/glpi/commit/6ca9a0e77299a755c356d758344a23278df67f65 Patch, Third Party Advisory ([email protected])
https://github.com/glpi-project/glpi/security/advisories/GHSA-rm52-jx9h-rwcp Third Party Advisory ([email protected])
https://github.com/glpi-project/glpi/commit/6ca9a0e77299a755c356d758344a23278df67f65 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/glpi-project/glpi/security/advisories/GHSA-rm52-jx9h-rwcp Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)