Vulnerability Details CVE-2014-8360
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://advisories.mageia.org/MGASA-2015-0017.html
- http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=330
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
- https://forge.indepnet.net/issues/5101
- http://advisories.mageia.org/MGASA-2015-0017.html
- http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=330
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
- https://forge.indepnet.net/issues/5101
Products affected by CVE-2014-8360
-
cpe:2.3:a:glpi-project:glpi:-
-
cpe:2.3:a:glpi-project:glpi:0.20
-
cpe:2.3:a:glpi-project:glpi:0.20.1
-
cpe:2.3:a:glpi-project:glpi:0.21
-
cpe:2.3:a:glpi-project:glpi:0.30
-
cpe:2.3:a:glpi-project:glpi:0.31
-
cpe:2.3:a:glpi-project:glpi:0.40
-
cpe:2.3:a:glpi-project:glpi:0.41
-
cpe:2.3:a:glpi-project:glpi:0.42
-
cpe:2.3:a:glpi-project:glpi:0.5
-
cpe:2.3:a:glpi-project:glpi:0.50
-
cpe:2.3:a:glpi-project:glpi:0.51
-
cpe:2.3:a:glpi-project:glpi:0.51a
-
cpe:2.3:a:glpi-project:glpi:0.6
-
cpe:2.3:a:glpi-project:glpi:0.60
-
cpe:2.3:a:glpi-project:glpi:0.65
-
cpe:2.3:a:glpi-project:glpi:0.68
-
cpe:2.3:a:glpi-project:glpi:0.68.1
-
cpe:2.3:a:glpi-project:glpi:0.68.2
-
cpe:2.3:a:glpi-project:glpi:0.68.3
-
cpe:2.3:a:glpi-project:glpi:0.68.3-2
-
cpe:2.3:a:glpi-project:glpi:0.70
-
cpe:2.3:a:glpi-project:glpi:0.70.1
-
cpe:2.3:a:glpi-project:glpi:0.70.2
-
cpe:2.3:a:glpi-project:glpi:0.71
-
cpe:2.3:a:glpi-project:glpi:0.71.1
-
cpe:2.3:a:glpi-project:glpi:0.71.2
-
cpe:2.3:a:glpi-project:glpi:0.71.3
-
cpe:2.3:a:glpi-project:glpi:0.71.4
-
cpe:2.3:a:glpi-project:glpi:0.71.5
-
cpe:2.3:a:glpi-project:glpi:0.71.6
-
cpe:2.3:a:glpi-project:glpi:0.72
-
cpe:2.3:a:glpi-project:glpi:0.72.1
-
cpe:2.3:a:glpi-project:glpi:0.72.2
-
cpe:2.3:a:glpi-project:glpi:0.72.21
-
cpe:2.3:a:glpi-project:glpi:0.72.3
-
cpe:2.3:a:glpi-project:glpi:0.72.4
-
cpe:2.3:a:glpi-project:glpi:0.78
-
cpe:2.3:a:glpi-project:glpi:0.78.1
-
cpe:2.3:a:glpi-project:glpi:0.78.2
-
cpe:2.3:a:glpi-project:glpi:0.78.3
-
cpe:2.3:a:glpi-project:glpi:0.78.4
-
cpe:2.3:a:glpi-project:glpi:0.78.5
-
cpe:2.3:a:glpi-project:glpi:0.80
-
cpe:2.3:a:glpi-project:glpi:0.80.1
-
cpe:2.3:a:glpi-project:glpi:0.80.2
-
cpe:2.3:a:glpi-project:glpi:0.80.3
-
cpe:2.3:a:glpi-project:glpi:0.80.4
-
cpe:2.3:a:glpi-project:glpi:0.80.5
-
cpe:2.3:a:glpi-project:glpi:0.80.6
-
cpe:2.3:a:glpi-project:glpi:0.80.61
-
cpe:2.3:a:glpi-project:glpi:0.80.7
-
cpe:2.3:a:glpi-project:glpi:0.83
-
cpe:2.3:a:glpi-project:glpi:0.83.1
-
cpe:2.3:a:glpi-project:glpi:0.83.2
-
cpe:2.3:a:glpi-project:glpi:0.83.3
-
cpe:2.3:a:glpi-project:glpi:0.83.31
-
cpe:2.3:a:glpi-project:glpi:0.83.4
-
cpe:2.3:a:glpi-project:glpi:0.83.5
-
cpe:2.3:a:glpi-project:glpi:0.83.6
-
cpe:2.3:a:glpi-project:glpi:0.83.7
-
cpe:2.3:a:glpi-project:glpi:0.83.8
-
cpe:2.3:a:glpi-project:glpi:0.83.9
-
cpe:2.3:a:glpi-project:glpi:0.83.91
-
cpe:2.3:a:glpi-project:glpi:0.84
-
cpe:2.3:a:glpi-project:glpi:0.84.1
-
cpe:2.3:a:glpi-project:glpi:0.84.2
-
cpe:2.3:a:glpi-project:glpi:0.84.3
-
cpe:2.3:a:glpi-project:glpi:0.84.4
-
cpe:2.3:a:glpi-project:glpi:0.84.5
-
cpe:2.3:a:glpi-project:glpi:0.84.6
-
cpe:2.3:a:glpi-project:glpi:0.84.7