Alexandre Delaunay

5 exploits, active since Jul 2019
CVE-2021-43778 WRITEUP CRITICAL
GLPI Barcode Plugin 2.0-2.6.0 - Path Traversal via front/send.php
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances with the barcode plugin installed at version 2.x prior to 2.6.1 are vulnerable to path traversal. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.
CVSS 9.1
CVE-2019-13239 WRITEUP MEDIUM
GLPI 9.1-9.4.2 - Stored Cross-Site Scripting via User Picture
`inc/user.class.php` in GLPI before 9.4.3 allows XSS via a user picture.
CVSS 6.1
CVE-2022-21719 WRITEUP MEDIUM
GLPI < 9.5.7 - Reflected Cross-Site Scripting
GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.
CVSS 6.1
CVE-2022-31068 WRITEUP MEDIUM
GLPI 10.0.0-10.0.1 - Unauthenticated Exposure of Sensitive Information via Native Inventory
GLPI is a free asset and IT management software package offering data center management, an ITIL service desk, license tracking and software auditing. In affected versions, all GLPI instances that use the native inventory may leak sensitive information. The feature for retrieving a refused file is not authenticated. This issue has been addressed in version 10.0.2, and all affected users are advised to upgrade.
CVSS 5.3
CVE-2022-31143 WRITEUP MEDIUM
GLPI < 10.0.3 - Exposure of Sensitive Information via Setup Configuration
GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Affected versions expose private information defined in the GLPI setup (such as SMTP or CAS hosts). Note that passwords are not exposed. Users are advised to upgrade to version 10.0.3. There are no known workarounds for this issue.
CVSS 5.3