CVE-2014-8360
Published 2015-04-14
Priority P3 · 42 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.84% (84.9th percentile)
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glpi-project | glpi | <= 0.84.7 | — |
| glpi-project | glpi | >= 0 < 0.84.8+dfsg.1-1 | 0.84.8+dfsg.1-1 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
GHSA
GHSA-6672-57h5-f9rw: Directory traversal vulnerability in inc/autoload
ghsa_unreviewed·2022-05-17
CVE-2014-8360 [HIGH] CWE-22 GHSA-6672-57h5-f9rw: Directory traversal vulnerability in inc/autoload
OSV
CVE-2014-8360: Directory traversal vulnerability in inc/autoload
osv·2015-04-14·CVSS 7.5
CVE-2014-8360 [HIGH] CVE-2014-8360: Directory traversal vulnerability in inc/autoload
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://advisories.mageia.org/MGASA-2015-0017.html
http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en
http://www.glpi-project.org/spip.php?page=annonce&id_breve=330
http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
https://forge.indepnet.net/issues/5101