First published: Sun Apr 16 2023
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Glpi-project Cmdb | <3.0.3 | |
CVE-2022-34125 is a vulnerability in the CMDB plugin before 3.0.3 for GLPI that allows attackers to gain read access to sensitive information.
An attacker can exploit CVE-2022-34125 by using a _log/ pathname in the file parameter of front/icon.send.php in the CMDB plugin.
CVE-2022-34125 has a severity rating of medium, with a score of 6.5.
Versions of the CMDB plugin before 3.0.3 for GLPI are affected by CVE-2022-34125.
To fix CVE-2022-34125, update the CMDB plugin to version 3.0.3 or higher.