CVE-2020-15175Files or Directories Accessible to External Parties in Glpi

CWE-552Files or Directories Accessible to External Parties6 documents4 sources
Severity
9.1CRITICALNVD
EPSS
12.9%
top 5.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Glpi-project Glpi
Timeline
PublishedOct 7
Latest updateJan 28

Description

In GLPI before version 9.5.2, the `​pluginimage.send.php​` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

NVDglpi-project/glpi< 9.5.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2020-15175: In GLPI before version 92020-10-07

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS GLPI Unauthenticated File Deletion (CVE-2020-15175)2026-01-28

💬Community

3
Bugzilla
CVE-2020-15175 glpi: information disclosure of files and folders contained in /files/ [fedora-all]2020-10-08
Bugzilla
CVE-2020-15175 glpi: information disclosure of files and folders contained in /files/ [epel-7]2020-10-08
Bugzilla
CVE-2020-15175 glpi: information disclosure of files and folders contained in /files/2020-10-08