Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-34125

Published: 16/04/2023 Updated: 25/04/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Glpi-project

Vulnerability Summary

front/icon.send.php in the CMDB plugin prior to 3.0.3 for GLPI allows malicious users to gain read access to sensitive information via a _log/ pathname in the file parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

glpi-project cmdb

Exploits

Exploit DB: GLPI Activity Local File Inclusion
GLPI Activity versions prior to 310 suffer from a local file inclusion vulnerability ...

References

CWE-200https://github.com/InfotelGLPI/cmdb/releases/tag/3.0.3https://github.com/InfotelGLPI/cmdb/security/advisories/GHSA-wv59-3rv4-vm9fhttps://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/https://nvd.nist.govhttps://packetstormsecurity.com/files/171655/GLPI-Activity-Local-File-Inclusion.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook