CVE-2015-7684 — Unrestricted File Upload in Glpi

3 documents3 sources

Severity

9.0CRITICALNVD

EPSS

1.7%

top 17.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedOct 5

Latest updateMay 17

Description

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDglpi-project/glpi0.85.2

🔴Vulnerability Details

GHSA

GHSA-m85f-3rgv-wmmj: Unrestricted file upload in GLPI before 0↗2022-05-17

▶

OSV

CVE-2015-7684: Unrestricted file upload in GLPI before 0↗2015-10-05

▶