3 matches found
Security fix for the ALT Linux 10 package glpi version 9.5.2-alt1
Oct. 26, 2020 Pavel Zilke 9.5.2-alt1 - New version 9.5.2 - Security fixes: + CVE-2020-15176 : SQL injection with a query parameter of user form + CVE-2020-15175 : Removal of .htaccess file in the files folder via a plugin endpoint + CVE-2020-15217 : Leakage issue with knowledge base +...
Security fix for the ALT Linux 9 package glpi version 9.5.2-alt1
Oct. 26, 2020 Pavel Zilke 9.5.2-alt1 - New version 9.5.2 - Security fixes: + CVE-2020-15176 : SQL injection with a query parameter of user form + CVE-2020-15175 : Removal of .htaccess file in the files folder via a plugin endpoint + CVE-2020-15217 : Leakage issue with knowledge base +...
CVE-2020-15175
In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”...