1 results (0.004 seconds)
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 2
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 2CVE-2022-34125 – GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
https://notcve.org/view.php?id=CVE-2022-34125
03 Apr 2023 — front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter. GLPI Activity versions prior to 3.1.0 suffer from a local file inclusion vulnerability. • https://packetstorm.news/files/id/171655 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •