CVE-2021-43778

Path traversal in GLPI barcode plugin

CVSS 9.1 CRITICALEPSS 52.7%CWE-22

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

pluginsGLPI · barcode

public PoCs found — 1

githubgithub.com/AK-blank/CVE-2021-43778★ 3

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/hansmach1ne/CVE-portfolio/tree/main/CVE-2021-43778 https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46 https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1 https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9