CVE-2017-11183 — Improper Input Validation in Glpi

Severity

4.9MEDIUMNVD

EPSS

0.4%

top 38.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 28

Latest updateMay 17

Description

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

GHSA

GHSA-xfjg-rw3q-526r: front/backup↗2022-05-17

▶

OSV

CVE-2017-11183: front/backup↗2017-07-28

▶

Bugzilla

CVE-2017-11183 CVE-2017-11184 glpi: various flaws [epel-7]↗2017-07-28

▶

Bugzilla

CVE-2017-11183 CVE-2017-11184 glpi: various flaws [fedora-all]↗2017-07-28

▶

Bugzilla

CVE-2017-11183 glpi: File delete in front/backup.php↗2017-07-28

▶