Sensitive Information Disclosure in CMDB Plugin for GLPI via Path Traversal
CVE-2022-34125 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
Learn more about our Web Application Penetration Testing UK.