CVE-2022-34125
In short
The CMDB plugin for GLPI before version 3.0.3 has a flaw that lets attackers read sensitive files by manipulating a file parameter to access paths they shouldn't be able to reach. This can expose confidential information stored on the server.
Technical detail
An information disclosure vulnerability in front/icon.send.php allows unauthenticated or low-privileged attackers to read arbitrary files by traversing to restricted directories (specifically _log/) via the file parameter. The vulnerability stems from insufficient input validation on file path parameters, enabling attackers to bypass access controls and retrieve sensitive data.
Summary generated and translated by AI from the official description.
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
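A defender-side check for the request pattern described above, as an added example that is not from this page or from the plugin's code: it scans web-server access log lines for requests to front/icon.send.php whose decoded file parameter contains a _log or .. path segment. The combined log format is an assumption, and the log lines, the /PLUGIN_BASE/ prefix and the file names are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "front/icon.send.php"  # script named in the CVE description
PARAM = "file"                    # parameter named in the CVE description
# Request and status fields of a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines; /PLUGIN_BASE/ and the file names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2023:10:00:00 +0000] "GET /PLUGIN_BASE/front/icon.send.php?file=server.png HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2023:10:00:05 +0000] "GET /PLUGIN_BASE/front/icon.send.php?file=_log/example.log HTTP/1.1" 200 9042',
    '203.0.113.7 - - [01/Jan/2023:10:00:09 +0000] "GET /PLUGIN_BASE/front/icon.send.php?file=_log%2Fexample.log HTTP/1.1" 200 9042',
    '198.51.100.4 - - [01/Jan/2023:10:01:00 +0000] "GET /index.php?file=_log/example.log HTTP/1.1" 404 0',
]

def suspicious_file_value(value):
    """Return a reason if the decoded value names _log or a parent directory."""
    prev = None
    while prev != value:  # decode until stable so nested encoding is normalised
        prev, value = value, unquote(value)
    segments = value.replace("\\", "/").lower().split("/")
    if "_log" in segments:
        return "_log path segment"
    if ".." in segments:
        return "parent-directory segment"
    return None

def scan(lines):
    """Return (line number, HTTP status, reason) for each suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(ENDPOINT):
            continue  # only the endpoint named in the CVE is of interest
        for value in parse_qs(url.query).get(PARAM, []):
            reason = suspicious_file_value(value)
            if reason:
                hits.append((n, int(m.group(2)), reason))
    return hits

if __name__ == "__main__":
    for n, status, reason in scan(SAMPLE_LOG):
        print(f"line {n}: status {status}: {reason}")
```

A hit with status 200 means the server answered the request, so those entries are the ones to review first against the contents of the _log/ directory.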
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/51232 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.