CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
A vulnerability in GLPI’s computer hardware requisition, incident, and inventory system is related to external
file name or path control. Exploitation of the vulnerability could allow an attacker acting
remotely, to upload a malicious PHP script and hijack the plugin loader to execute that malicious script.
malicious script
A vulnerability in GLPI’s computer hardware request, incident, and inventory system is related to
Improper access control. Exploitation of the vulnerability could allow an attacker acting
remotely to bypass current access control rules.
Vulnerabilities in the GLPI computer hardware request, incident and inventory system are related to
Improper neutralization of special elements used in the SQL command. Exploitation of the vulnerability
could allow an attacker acting remotely to modify another user’s account information and gain control over it.
gain control over it