cbcvebase.
CVE-2014-8360
published 2015-04-14

Priority: P3 | 42 | high | 7.5 (CVSS 2.0)
Vector: AV:N / AC:L / Au:N / C:P / I:P / A:P
EPSS: 2.84% (84.9th percentile)
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type passed to the getItemForItemtype function, as demonstrated by the itemtype parameter in ajax/common.tabs.php.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
glpi-project | glpi | <= 0.84.7 | -
glpi-project | glpi | >= 0 < 0.84.8+dfsg.1-1 | 0.84.8+dfsg.1-1

CVSS provenance

nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | 7.5 | HIGH