Vulnerability Details CVE-2022-31062
### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.5%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/171654/GLPI-Glpiinventory-1.0.1-Local-File-Inclusion.html
- https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-q33f-jcjf-p4v9
- http://packetstormsecurity.com/files/171654/GLPI-Glpiinventory-1.0.1-Local-File-Inclusion.html
- https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-q33f-jcjf-p4v9
Products affected by CVE-2022-31062
-
cpe:2.3:a:glpi-project:glpi_inventory:-
-
cpe:2.3:a:glpi-project:glpi_inventory:1.0.0
-
cpe:2.3:a:glpi-project:glpi_inventory:1.0.1