Impact
An attacker can execute system commands by abusing the backup functionality.
Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF.
Due to the difficulty of the exploitation for an attacker without a valid account, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks.
Patches
ad748d5
Workarounds
Delete the front/backup.php file.
Versions affected
Details are in the reference below.
Reference
https://offsec.almond.consulting/playing-with-gzip-rce-in-glpi.html
For more information
If you have any questions or comments about this advisory:
Impact
An attacker can execute system commands by abusing the backup functionality.
Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF.
Due to the difficulty of the exploitation for an attacker without a valid account, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks.
Patches
ad748d5
Workarounds
Delete the front/backup.php file.
Versions affected
Details are in the reference below.
Reference
https://offsec.almond.consulting/playing-with-gzip-rce-in-glpi.html
For more information
If you have any questions or comments about this advisory: