Lucene search
GoogleOSV:CVE-2020-15175HistoryOct 07, 2020 - 7:15 p.m.
CVE-2020-15175
2020-10-0719:15:12
Google
osv.dev
4
In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.
Related
ubuntucve
ubuntucve
CVE-2020-15175
2020-10-07 00:00:00
freebsd
freebsd
glpi -- Unauthenticated File Deletion
2020-06-25 00:00:00
nvd
nvd
CVE-2020-15175
2020-10-07 19:15:12
cve
cve
CVE-2020-15175
2020-10-07 19:15:12
prion
prion
Information disclosure
2020-10-07 19:15:00
nessus
nessus
cvelist
cvelist
CVE-2020-15175 Unauthenticated File Deletion in GLPI
2020-10-07 18:45:14
altlinux
altlinux
Security fix for the ALT Linux 9 package glpi version 9.5.2-alt1
2020-10-26 00:00:00
Security fix for the ALT Linux 10 package glpi version 9.5.2-alt1
2020-10-26 00:00:00