CVE-2014-8360Path Traversal in Glpi

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 27.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Glpi-project Glpi
Timeline
PublishedApr 14
Latest updateMay 17

Description

Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Ubuntuglpi-project/glpi< 0.84.8+dfsg.1-1
NVDglpi-project/glpi0.84.7

🔴Vulnerability Details

2
GHSA
GHSA-6672-57h5-f9rw: Directory traversal vulnerability in inc/autoload2022-05-17
OSV
CVE-2014-8360: Directory traversal vulnerability in inc/autoload2015-04-14