CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7562

A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.0

References

Products affected by CVE-2018-7562

Glpi-Project » Glpi » Version: N/A

cpe:2.3:a:glpi-project:glpi:-
Glpi-Project » Glpi » Version: 0.20

cpe:2.3:a:glpi-project:glpi:0.20
Glpi-Project » Glpi » Version: 0.20.1

cpe:2.3:a:glpi-project:glpi:0.20.1
Glpi-Project » Glpi » Version: 0.21

cpe:2.3:a:glpi-project:glpi:0.21
Glpi-Project » Glpi » Version: 0.30

cpe:2.3:a:glpi-project:glpi:0.30
Glpi-Project » Glpi » Version: 0.31

cpe:2.3:a:glpi-project:glpi:0.31
Glpi-Project » Glpi » Version: 0.40

cpe:2.3:a:glpi-project:glpi:0.40
Glpi-Project » Glpi » Version: 0.41

cpe:2.3:a:glpi-project:glpi:0.41
Glpi-Project » Glpi » Version: 0.42

cpe:2.3:a:glpi-project:glpi:0.42
Glpi-Project » Glpi » Version: 0.5

cpe:2.3:a:glpi-project:glpi:0.5
Glpi-Project » Glpi » Version: 0.50

cpe:2.3:a:glpi-project:glpi:0.50
Glpi-Project » Glpi » Version: 0.51

cpe:2.3:a:glpi-project:glpi:0.51
Glpi-Project » Glpi » Version: 0.51a

cpe:2.3:a:glpi-project:glpi:0.51a
Glpi-Project » Glpi » Version: 0.6

cpe:2.3:a:glpi-project:glpi:0.6
Glpi-Project » Glpi » Version: 0.60

cpe:2.3:a:glpi-project:glpi:0.60
Glpi-Project » Glpi » Version: 0.65

cpe:2.3:a:glpi-project:glpi:0.65
Glpi-Project » Glpi » Version: 0.68

cpe:2.3:a:glpi-project:glpi:0.68
Glpi-Project » Glpi » Version: 0.68.1

cpe:2.3:a:glpi-project:glpi:0.68.1
Glpi-Project » Glpi » Version: 0.68.2

cpe:2.3:a:glpi-project:glpi:0.68.2
Glpi-Project » Glpi » Version: 0.68.3

cpe:2.3:a:glpi-project:glpi:0.68.3
Glpi-Project » Glpi » Version: 0.68.3-2

cpe:2.3:a:glpi-project:glpi:0.68.3-2
Glpi-Project » Glpi » Version: 0.70

cpe:2.3:a:glpi-project:glpi:0.70
Glpi-Project » Glpi » Version: 0.70.1

cpe:2.3:a:glpi-project:glpi:0.70.1
Glpi-Project » Glpi » Version: 0.70.2

cpe:2.3:a:glpi-project:glpi:0.70.2
Glpi-Project » Glpi » Version: 0.71

cpe:2.3:a:glpi-project:glpi:0.71
Glpi-Project » Glpi » Version: 0.71.1

cpe:2.3:a:glpi-project:glpi:0.71.1
Glpi-Project » Glpi » Version: 0.71.2

cpe:2.3:a:glpi-project:glpi:0.71.2
Glpi-Project » Glpi » Version: 0.71.3

cpe:2.3:a:glpi-project:glpi:0.71.3
Glpi-Project » Glpi » Version: 0.71.4

cpe:2.3:a:glpi-project:glpi:0.71.4
Glpi-Project » Glpi » Version: 0.71.5

cpe:2.3:a:glpi-project:glpi:0.71.5
Glpi-Project » Glpi » Version: 0.71.6

cpe:2.3:a:glpi-project:glpi:0.71.6
Glpi-Project » Glpi » Version: 0.72

cpe:2.3:a:glpi-project:glpi:0.72
Glpi-Project » Glpi » Version: 0.72.1

cpe:2.3:a:glpi-project:glpi:0.72.1
Glpi-Project » Glpi » Version: 0.72.2

cpe:2.3:a:glpi-project:glpi:0.72.2
Glpi-Project » Glpi » Version: 0.72.21

cpe:2.3:a:glpi-project:glpi:0.72.21
Glpi-Project » Glpi » Version: 0.72.3

cpe:2.3:a:glpi-project:glpi:0.72.3
Glpi-Project » Glpi » Version: 0.72.4

cpe:2.3:a:glpi-project:glpi:0.72.4
Glpi-Project » Glpi » Version: 0.78

cpe:2.3:a:glpi-project:glpi:0.78
Glpi-Project » Glpi » Version: 0.78.1

cpe:2.3:a:glpi-project:glpi:0.78.1
Glpi-Project » Glpi » Version: 0.78.2

cpe:2.3:a:glpi-project:glpi:0.78.2
Glpi-Project » Glpi » Version: 0.78.3

cpe:2.3:a:glpi-project:glpi:0.78.3
Glpi-Project » Glpi » Version: 0.78.4

cpe:2.3:a:glpi-project:glpi:0.78.4
Glpi-Project » Glpi » Version: 0.78.5

cpe:2.3:a:glpi-project:glpi:0.78.5
Glpi-Project » Glpi » Version: 0.80

cpe:2.3:a:glpi-project:glpi:0.80
Glpi-Project » Glpi » Version: 0.80.1

cpe:2.3:a:glpi-project:glpi:0.80.1
Glpi-Project » Glpi » Version: 0.80.2

cpe:2.3:a:glpi-project:glpi:0.80.2
Glpi-Project » Glpi » Version: 0.80.3

cpe:2.3:a:glpi-project:glpi:0.80.3
Glpi-Project » Glpi » Version: 0.80.4

cpe:2.3:a:glpi-project:glpi:0.80.4
Glpi-Project » Glpi » Version: 0.80.5

cpe:2.3:a:glpi-project:glpi:0.80.5
Glpi-Project » Glpi » Version: 0.80.6

cpe:2.3:a:glpi-project:glpi:0.80.6
Glpi-Project » Glpi » Version: 0.80.61

cpe:2.3:a:glpi-project:glpi:0.80.61
Glpi-Project » Glpi » Version: 0.80.7

cpe:2.3:a:glpi-project:glpi:0.80.7
Glpi-Project » Glpi » Version: 0.83

cpe:2.3:a:glpi-project:glpi:0.83
Glpi-Project » Glpi » Version: 0.83.1

cpe:2.3:a:glpi-project:glpi:0.83.1
Glpi-Project » Glpi » Version: 0.83.2

cpe:2.3:a:glpi-project:glpi:0.83.2
Glpi-Project » Glpi » Version: 0.83.3

cpe:2.3:a:glpi-project:glpi:0.83.3
Glpi-Project » Glpi » Version: 0.83.31

cpe:2.3:a:glpi-project:glpi:0.83.31
Glpi-Project » Glpi » Version: 0.83.4

cpe:2.3:a:glpi-project:glpi:0.83.4
Glpi-Project » Glpi » Version: 0.83.5

cpe:2.3:a:glpi-project:glpi:0.83.5
Glpi-Project » Glpi » Version: 0.83.6

cpe:2.3:a:glpi-project:glpi:0.83.6
Glpi-Project » Glpi » Version: 0.83.7

cpe:2.3:a:glpi-project:glpi:0.83.7
Glpi-Project » Glpi » Version: 0.83.8

cpe:2.3:a:glpi-project:glpi:0.83.8
Glpi-Project » Glpi » Version: 0.83.9

cpe:2.3:a:glpi-project:glpi:0.83.9
Glpi-Project » Glpi » Version: 0.83.91

cpe:2.3:a:glpi-project:glpi:0.83.91
Glpi-Project » Glpi » Version: 0.84

cpe:2.3:a:glpi-project:glpi:0.84
Glpi-Project » Glpi » Version: 0.84.1

cpe:2.3:a:glpi-project:glpi:0.84.1
Glpi-Project » Glpi » Version: 0.84.2

cpe:2.3:a:glpi-project:glpi:0.84.2
Glpi-Project » Glpi » Version: 0.84.3

cpe:2.3:a:glpi-project:glpi:0.84.3
Glpi-Project » Glpi » Version: 0.84.4

cpe:2.3:a:glpi-project:glpi:0.84.4
Glpi-Project » Glpi » Version: 0.84.5

cpe:2.3:a:glpi-project:glpi:0.84.5
Glpi-Project » Glpi » Version: 0.84.6

cpe:2.3:a:glpi-project:glpi:0.84.6
Glpi-Project » Glpi » Version: 0.84.7

cpe:2.3:a:glpi-project:glpi:0.84.7
Glpi-Project » Glpi » Version: 0.84.8

cpe:2.3:a:glpi-project:glpi:0.84.8
Glpi-Project » Glpi » Version: 0.85

cpe:2.3:a:glpi-project:glpi:0.85
Glpi-Project » Glpi » Version: 0.85.1

cpe:2.3:a:glpi-project:glpi:0.85.1
Glpi-Project » Glpi » Version: 0.85.2

cpe:2.3:a:glpi-project:glpi:0.85.2
Glpi-Project » Glpi » Version: 0.85.3

cpe:2.3:a:glpi-project:glpi:0.85.3
Glpi-Project » Glpi » Version: 0.85.4

cpe:2.3:a:glpi-project:glpi:0.85.4
Glpi-Project » Glpi » Version: 0.85.5

cpe:2.3:a:glpi-project:glpi:0.85.5
Glpi-Project » Glpi » Version: 0.90

cpe:2.3:a:glpi-project:glpi:0.90
Glpi-Project » Glpi » Version: 0.90.1

cpe:2.3:a:glpi-project:glpi:0.90.1
Glpi-Project » Glpi » Version: 0.90.2

cpe:2.3:a:glpi-project:glpi:0.90.2
Glpi-Project » Glpi » Version: 0.90.3

cpe:2.3:a:glpi-project:glpi:0.90.3
Glpi-Project » Glpi » Version: 0.90.4

cpe:2.3:a:glpi-project:glpi:0.90.4
Glpi-Project » Glpi » Version: 0.90.5

cpe:2.3:a:glpi-project:glpi:0.90.5
Glpi-Project » Glpi » Version: 9.1

cpe:2.3:a:glpi-project:glpi:9.1
Glpi-Project » Glpi » Version: 9.1.0

cpe:2.3:a:glpi-project:glpi:9.1.0
Glpi-Project » Glpi » Version: 9.1.1

cpe:2.3:a:glpi-project:glpi:9.1.1
Glpi-Project » Glpi » Version: 9.1.2

cpe:2.3:a:glpi-project:glpi:9.1.2
Glpi-Project » Glpi » Version: 9.1.3

cpe:2.3:a:glpi-project:glpi:9.1.3
Glpi-Project » Glpi » Version: 9.1.4

cpe:2.3:a:glpi-project:glpi:9.1.4
Glpi-Project » Glpi » Version: 9.1.5

cpe:2.3:a:glpi-project:glpi:9.1.5
Glpi-Project » Glpi » Version: 9.1.6

cpe:2.3:a:glpi-project:glpi:9.1.6
Glpi-Project » Glpi » Version: 9.1.7

cpe:2.3:a:glpi-project:glpi:9.1.7
Glpi-Project » Glpi » Version: 9.1.7.1

cpe:2.3:a:glpi-project:glpi:9.1.7.1
Glpi-Project » Glpi » Version: 9.2

cpe:2.3:a:glpi-project:glpi:9.2
Glpi-Project » Glpi » Version: 9.2.0

cpe:2.3:a:glpi-project:glpi:9.2.0
Glpi-Project » Glpi » Version: 9.2.1

cpe:2.3:a:glpi-project:glpi:9.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7562

Products

Pricing

Contact Us