1 results (0.001 seconds)
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2022-34125 – GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
https://notcve.org/view.php?id=CVE-2022-34125
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter. GLPI Activity versions prior to 3.1.0 suffer from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/51232 https://github.com/InfotelGLPI/cmdb/releases/tag/3.0.3 https://github.com/InfotelGLPI/cmdb/security/advisories/GHSA-wv59-3rv4-vm9f https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •