Arbitrary Code Execution via Unrestricted File Upload in GLPI

Arbitrary Code Execution via Unrestricted File Upload in GLPI

CVE-2015-7684 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/.

Learn more about our User Device Pen Test.