Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
MyExploits/Path Traversal in GLPI Barcode plugin/
MyExploits/Path Traversal in GLPI Barcode plugin/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

Path traversal in GLPI barcode plugin

Vulnerability disclosed:

  • GLPI barcode plugin version <= 2.6.0 suffers from unauthenticated path traversal file read vulnerability that allows reading arbitrary files outside of the plugin directory.

PoC:

PoC

Solution:

  • Upgrade to barcode plugin version 2.6.1 or above

Advisory: https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9

Reference: CVE-2021-43778

Author: Mateo Hanžek