Lucene search
Redhat.comRH:CVE-2020-11060HistoryMay 20, 2022 - 11:28 p.m.
CVE-2020-11060
2022-05-2023:28:28
redhat.com
access.redhat.com
19
glpi
system commands
backup functionality
csrf
exploitation
maintenance privileges
wifi networks
fix
version 9.4.6
EPSS
0.002
Percentile
59.8%
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
Related
freebsd
freebsd
glpi -- Remote Code Execution (RCE) via the backup functionality
2020-03-30 00:00:00
nvd
nvd
CVE-2020-11060
2020-05-12 20:15:11
prion
prion
Cross site request forgery (csrf)
2020-05-12 20:15:00
exploitdb
exploitdb
GLPI 9.4.5 - Remote Code Execution (RCE)
2021-06-14 00:00:00
GLPI GZIP(Py3) 9.4.5 - RCE
2023-10-09 00:00:00
zdt
zdt
GLPI 9.4.5 - Remote Code Execution Exploit
2021-06-14 00:00:00
GLPI GZIP(Py3) 9.4.5 - Remote Code Execution Exploit
2023-10-09 00:00:00
nessus
nessus
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Glpi-Project Glpi
2021-06-11 14:52:03
ubuntucve
ubuntucve
CVE-2020-11060
2020-05-12 00:00:00
packetstorm
packetstorm
GLPI 9.4.5 Remote Code Execution
2021-06-14 00:00:00
GLPI GZIP(Py3) 9.4.5 Remote Code Execution
2023-10-10 00:00:00
cve
cve
CVE-2020-11060
2020-05-12 20:15:11
osv
osv
CVE-2020-11060
2020-05-12 20:15:11
cvelist
cvelist
CVE-2020-11060 Remote Code Execution in GLPI
2020-05-12 19:30:14