Remote Command Execution in GLPI addressing plugin
Vulnerability disclosed:
- GLPI addressing plugin versions <=2.9.0 suffer from an authenticated Remote Code Execution vulnerability: command injection through abuse of functionality allows access to the server's underlying operating system.
PoC:
Solution:
- Upgrade to addressing plugin version 2.9.1 or above
Advisory: https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
Reference: CVE-2021-43779
Author: Mateo Hanžek
