Lucene search
PRIOn knowledge basePRION:CVE-2020-11060HistoryMay 12, 2020 - 8:15 p.m.
Cross site request forgery (csrf)
2020-05-1220:15:00
PRIOn knowledge base
www.prio-n.com
12
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
Related
nessus
nessus
redhatcve
redhatcve
CVE-2020-11060
2022-05-20 23:28:28
freebsd
freebsd
glpi -- Remote Code Execution (RCE) via the backup functionality
2020-03-30 00:00:00
nvd
nvd
CVE-2020-11060
2020-05-12 20:15:11
zdt
zdt
GLPI 9.4.5 - Remote Code Execution Exploit
2021-06-14 00:00:00
GLPI GZIP(Py3) 9.4.5 - Remote Code Execution Exploit
2023-10-09 00:00:00
packetstorm
packetstorm
GLPI 9.4.5 Remote Code Execution
2021-06-14 00:00:00
GLPI GZIP(Py3) 9.4.5 Remote Code Execution
2023-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2020-11060
2020-05-12 00:00:00
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Glpi-Project Glpi
2021-06-11 14:52:03
cve
cve
CVE-2020-11060
2020-05-12 20:15:11
osv
osv
CVE-2020-11060
2020-05-12 20:15:11
cvelist
cvelist
CVE-2020-11060 Remote Code Execution in GLPI
2020-05-12 19:30:14
exploitdb
exploitdb
GLPI GZIP(Py3) 9.4.5 - RCE
2023-10-09 00:00:00
GLPI 9.4.5 - Remote Code Execution (RCE)
2021-06-14 00:00:00