[webapps] GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
source link: https://www.exploit-db.com/exploits/51231
# Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
# Date: 11 Jun 2022
# Version: >=10.0.0 and < 10.0.2
# Author: Nuri Çilengir
# Vendor Homepage: https://glpi-project.org/
# Software Link: https://github.com/glpi-project/glpi
# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/
# Tested on: Ubuntu 22.04
# CVE: CVE-2022-31068
--
*Nuri Çilengir*
/Cyber Security Consultant/
*PRODAFT SARL*
*CH:* Y-Parc, rue Galilée 7, 1400 Yverdon-les-Bains
*TR:* Sanayi Mah. Teknopark Istanbul 5. Blok K2 Pendik, Istanbul
*NL:* HSD Campus Wilhelmina van Pruisenweg 104, 2595 AN, Den Haag
GSM: (+90) 553 444 7080
E.:nuri[at]prodaft[dot]com
IN:/cilengirnuri
/* In case you think you’re not the designated recipient of the e-mail
hereby; please delete it accordingly./
/** This e-mail may have been sent from a mobile device. Please contact
me from my mobile, in case you notice an error in the content./
/PS. Feel free to contact me via Signal, Threema or Telegram; or ask for
my public PGP key for high-profile cases that may require higher
confidentiality./