CVE-2022-34128
published 2023-04-16

CVE-2022-34128: The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.

Priority P273 · Severity: critical, CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: flagged
EPSS: 7.75% (93.9th percentile)

Affected

1 range
Vendor: glpi-project
Product: positions
Version range: < 6.0.1
Fixed in: 6.0.1

Detection & IOCs (extracted from sources)

URL: front/upload.php
Path: front/upload.php
  • Monitor for unauthenticated POST requests to front/upload.php of the GLPI Cartography (positions) plugin, particularly those carrying PHP code in the POST body; this pattern indicates CVE-2022-34128 exploitation.
  • The vulnerability is unauthenticated: no session or authentication token is required to reach the code path, so any POST to front/upload.php from an unauthenticated source should be treated as suspicious.
  • Affected versions are Cartography (positions) plugin releases before 6.0.1 for GLPI; 6.0.1 and later are patched.
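As an added illustration (not code from this page or from the GLPI project), the following Python script applies the detection bullets above to constructed web-server access-log lines and checks an installed plugin version against the 6.0.1 fix. The sample log lines are made up, and the /glpi/plugins/positions/ deployment prefix in them is an assumption; the advisory itself only names front/upload.php.

```python
import posixpath
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample lines in Combined Log Format (not real traffic). The
# /glpi/plugins/positions/ prefix is an assumption about where the plugin is
# deployed; only the trailing front/upload.php comes from the advisory.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Apr/2023:10:01:02 +0000] "POST /glpi/plugins/positions/front/upload.php HTTP/1.1" 200 512 "-" "python-requests/2.28"
203.0.113.10 - - [16/Apr/2023:10:01:05 +0000] "GET /glpi/plugins/positions/front/upload.php HTTP/1.1" 200 512 "-" "python-requests/2.28"
198.51.100.7 - - [16/Apr/2023:10:02:11 +0000] "POST /glpi/front/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Apr/2023:10:03:40 +0000] "POST /glpi/plugins/positions/front/./upload.php?x=1 HTTP/1.1" 200 77 "-" "curl/8.0"
"""

# Combined Log Format: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

UPLOAD_ENDPOINT = "front/upload.php"   # endpoint named in the advisory
FIXED_VERSION = (6, 0, 1)              # first patched plugin release


def normalise_path(raw: str) -> str:
    """Drop the query string, percent-decode and collapse ./ and ../ so
    trivial obfuscation of the request path does not evade the match."""
    path = raw.split("?", 1)[0]
    return posixpath.normpath(unquote(path))


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = normalise_path(entry["path"])
    return entry


def flag_upload_posts(log_text: str) -> List[Dict[str, str]]:
    """Return every POST whose normalised path ends in /front/upload.php.
    Combined Log Format carries no session cookie, so every such POST is
    reported; per the advisory, unauthenticated ones are the exploitation
    signal, and GETs to the same path are not flagged."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["method"] == "POST" and entry["path"].endswith("/" + UPLOAD_ENDPOINT):
            hits.append(entry)
    return hits


def parse_version(version: str) -> Tuple[int, ...]:
    """'6.0.1' -> (6, 0, 1). Only the leading dotted-numeric part is read, so
    a pre-release such as '6.0.1-rc1' compares as 6.0.1; check those by hand."""
    core = re.match(r"[\d.]+", version.strip())
    return tuple(int(n) for n in core.group(0).split(".") if n) if core else ()


def is_affected(version: str) -> bool:
    """True when the installed plugin version is below the fixed 6.0.1."""
    return parse_version(version) < FIXED_VERSION


if __name__ == "__main__":
    for hit in flag_upload_posts(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} POST {hit["path"]} {hit["status"]} "{hit["ua"]}"')
    for v in ("5.2.0", "6.0.0", "6.0.1", "6.1.0"):
        print(v, "affected" if is_affected(v) else "patched")
```

Run against a real access log by replacing SAMPLE_LOG with the file contents; the path normalisation is what makes the fourth sample line (with a /./ segment and a query string) match alongside the plain first one, while the GET on line two and the login POST on line three are left alone.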