Path traversal in GLPI barcode plugin

Critical
orthagh published GHSA-2pjh-h828-wcw9 Nov 24, 2021

Package

barcode (glpi-project/glpi)

Affected versions

2.0.0

Patched versions

2.6.1

Description

Impact

All GLPI installations with the barcode plugin installed.

Patches

Patch: https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46.patch
Or upgrade to 2.6.1.

Workarounds

Delete the front/send.php file.
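
To check whether front/send.php has been requested, before or after applying the fix or workaround, the following added example (not part of the advisory or the plugin's code) scans web-server access-log lines for requests to that file and flags query strings that still contain `..` path segments after repeated percent-decoding. The `/plugins/barcode/` and `/marketplace/barcode/` URL prefixes, the common/combined log format, the parameter name `p` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed URL prefixes for the plugin directory; adjust to the deployment.
SEND_PHP = re.compile(r"/(?:plugins|marketplace)/barcode/front/send\.php$", re.I)
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment with a separator, "=" or "&" (or the start) on its left.
TRAVERSAL = re.compile(r"(?:^|[/\\=&])\.\.(?:[/\\]|$)")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252F) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None (other URL), 'hit' (send.php requested) or 'traversal'."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not SEND_PHP.search(fully_decode(url.path)):
        return None
    return "traversal" if TRAVERSAL.search(fully_decode(url.query)) else "hit"

def scan(lines):
    """Return (verdict, client address) for every request to send.php."""
    results = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            results.append((verdict, line.split()[0]))
    return results

# Constructed log lines; the parameter name "p" is a placeholder.
SAMPLE = [
    '203.0.113.5 - - [24/Nov/2021:10:00:01 +0000] "GET /plugins/barcode/front/send.php?p=..%2F..%2Fexample.txt HTTP/1.1" 200 120',
    '203.0.113.5 - - [24/Nov/2021:10:00:02 +0000] "GET /marketplace/barcode/front/send.php?p=..%252F..%252Fexample.txt HTTP/1.1" 200 120',
    '192.0.2.10 - - [24/Nov/2021:10:00:03 +0000] "GET /plugins/barcode/front/send.php?p=labels.pdf HTTP/1.1" 200 900',
    '192.0.2.10 - - [24/Nov/2021:10:00:04 +0000] "GET /front/central.php HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for verdict, client in scan(SAMPLE):
        print(verdict, client)
```

Once front/send.php has been deleted as a workaround, any `hit` or `traversal` result is worth reviewing, since nothing legitimate should still request the file.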

References

https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin

For more information

If you have any questions or comments about this advisory:

Email us at glpi-security@ow2.org

Severity

Critical

CVE ID

CVE-2021-43778

Weaknesses

No CWEs