CVE-2022-34126

The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:glpi-project:activity:*:*:*:*:*:glpi:*:*

History

21 Nov 2024, 07:08

Type Values Removed Values Added
References () https://github.com/InfotelGLPI/activity/releases/tag/3.1.1 - Third Party Advisory () https://github.com/InfotelGLPI/activity/releases/tag/3.1.1 - Third Party Advisory
References () https://github.com/InfotelGLPI/activity/security/advisories/GHSA-jcmw-hpgh-357p - Third Party Advisory () https://github.com/InfotelGLPI/activity/security/advisories/GHSA-jcmw-hpgh-357p - Third Party Advisory
References () https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/ - Third Party Advisory () https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/ - Third Party Advisory

Information

Published : 2023-04-16 03:15

Updated : 2024-11-21 07:08


NVD link : CVE-2022-34126

Mitre link : CVE-2022-34126

CVE.ORG link : CVE-2022-34126


JSON object : View

Products Affected

glpi-project

  • activity
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')