The Order GLPI plugin lets users manage orders within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user who has access to the standard interface can craft a URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-05T17:53:03.041Z
Updated: 2023-04-05T17:53:03.041Z
Reserved: 2023-03-29T17:39:16.142Z
Link: CVE-2023-29006
NVD Information
Status: Analyzed
Published: 2023-04-05T18:15:08.657
Modified: 2023-04-12T15:53:29.377
Link: CVE-2023-29006