// For flags

CVE-2018-7562

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.

Se ha descubierto un problema de ejecución remota de código en GLPI hasta la versión 9.2.1. Hay una condición de carrera que permite el acceso temporal a un archivo ejecutable subido que posteriormente aparecerá como no permitido. La aplicación permite que un usuario autenticado suba un archivo cuando crea un nuevo ticket mediante front/fileupload.php. Esta característica está protegida por medio de diferentes tipos de características de seguridad, como la comprobación en la extensión del archivo. Sin embargo, la aplicación sube y crea un archivo, aunque este archivo no esté permitido, para después eliminar el archivo en el método uploadFiles en inc/glpiuploaderhandler.class.php.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-02-28 CVE Reserved
  • 2018-03-12 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-10-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
URL Tag Source
https://github.com/glpi-project/glpi/pull/3650 Issue Tracking
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Glpi-project
Search vendor "Glpi-project"
 Glpi
Search vendor "Glpi-project" for product "Glpi"
 <= 9.2.1
Search vendor "Glpi-project" for product "Glpi" and version " <= 9.2.1"
-
Affected