2 matches found
GLPI Directory Traversal Vulnerability
GLPI is an open source IT asset management software. A directory traversal vulnerability exists in versions of GLPI prior to 0.84.8. This allows remote attackers to execute arbitrary local files via the getItemForItemtype parameter...
CVE-2014-8360
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .. dot dot underscore in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php...