Sensitive Information Disclosure in CMDB Plugin for GLPI via Path Traversal

Sensitive Information Disclosure in CMDB Plugin for GLPI via Path Traversal

CVE-2022-34125 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.

Learn more about our Web Application Penetration Testing UK.