6 matches found
CVE-2021-21327
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4, a non-authenticated user can remotely instantiate an object of any class existing in the GLPI environment that can be used to...
CVE-2021-21327
GLPI before 9.5.4 allows non-authenticated remote instantiation of any class via Unsafe Reflection in getItemForItemtype(), enabling class constructors/destructors to run and potentially corrupt integrity of the core platform and plugins through a POP chain. Vulnerable component: GLPI core/runtim...
CVE-2021-21327 Unsafe Reflection in getItemForItemtype()
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4, a non-authenticated user can remotely instantiate an object of any class existing in the GLPI environment that can be used to...
GLPI 9.5.3 - (fromtype) Unsafe Reflection Vulnerability
Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on: v9.5.3, 2021-02-13 Technical advisories:...
PT-2021-14424 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue allows a non-authenticated user to remotely instantiate objects of any class in the GLPI environment, potentially leading to malicious attacks or the start of a "POP chain". This affects the...
GLPI 9.5.3 - 'fromtype' Unsafe Reflection
Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on: v9.5.3, 2021-02-13 Technical...