[webapps] GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
source link: https://www.exploit-db.com/exploits/51231
# Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
# Date: 11 Jun 2022
# Version: >=10.0.0 and < 10.0.2
# Author: Nuri Çilengir
# Vendor Homepage: https://glpi-project.org/
# Software Link: https://github.com/glpi-project/glpi
# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/
# Tested on: Ubuntu 22.04
# CVE: CVE-2022-31068
--
*Nuri Çilengir*
/Cyber Security Consultant/
*PRODAFT SARL*