Linux Distros Unpatched Vulnerability : CVE-2020-11060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an...

GLPI GZIP(Py3) 9.4.5 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...

GLPI GZIP(Py3) 9.4.5 - Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...

GLPI GZIP(Py3) 9.4.5 - RCE

!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...

FreeBSD : glpi -- Remote Code Execution (RCE) via the backup functionality (832fd11b-3b11-11eb-af2a-080027dbe4b7)

MITRE Corporation reports : In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only...

CVE-2020-11060

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...

CVE-2020-11060 Remote Code Execution in GLPI

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...

CVE-2020-11060

GLPI prior to 9.4.6 contains a vulnerability in the backup functionality that allows executing system commands. Exploitation is theoretically possible without a valid account via CSRF, but effectively requires an account with Maintenance privileges and the right to add WIFI networks. The issue is...

CVE-2020-11060

creationtimestamp| type| source ---|---|--- 2020-05-12 14:45:16+00:00| published-proof-of-concept| https://t.me/canyoupwnme/6428 2020-05-12 14:52:48+00:00| published-proof-of-concept| https://t.me/techpwnews/635 2021-06-15 01:19:34+00:00| seen| https://t.me/pwnwikizhchannel/649 2024-10-23...