Lucene search

[email protected]NVD:CVE-2022-34127

HistoryApr 16, 2023 - 3:15 a.m.

CVE-2022-34127

2023-04-1603:15:07

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-34127

directory traversal

local file read

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.021 Low

EPSS

Percentile

89.2%

JSON

The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.

Affected configurations

NVD

Node

glpi-projectmanageentitiesRange<4.0.2glpi

References

github.com/InfotelGLPI/manageentities/releases/tag/4.0.2

github.com/InfotelGLPI/manageentities/security/advisories/GHSA-4hpg-m8fv-xv3h

pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for NVD:CVE-2022-34127

packetstorm1 prion1 cvelist1 osv1 zdt1 cve1 exploitdb1