CVE-2020-11060

HIGH

GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-11060. PoCs published by Brian Peters, 0xdreadnaught.

AI-analyzed exploit summary This exploit targets CVE-2020-11060, a remote code execution vulnerability in GLPI versions 0.8.5 to 9.4.5. The script uses a crafted payload to achieve RCE via GZIP decompression manipulation.

Description

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.

Exploits (3)

exploitdb WORKING POC

by Brian Peters · pythonwebappsphp

https://www.exploit-db.com/exploits/51726

View Code ZIP pw:eip

This exploit targets CVE-2020-11060, a remote code execution vulnerability in GLPI versions 0.8.5 to 9.4.5. The script uses a crafted payload to achieve RCE via GZIP decompression manipulation.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GLPI 0.8.5-9.4.5

No auth needed

Prerequisites: Network access to the GLPI instance · GLPI version between 0.8.5 and 9.4.5

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Brian Peters · pythonwebappsphp

https://www.exploit-db.com/exploits/49992

View Code ZIP pw:eip

This exploit leverages a deserialization vulnerability in GLPI's backup functionality to achieve remote code execution by manipulating WiFi network entries and triggering a malicious backup dump. It requires authentication and iteratively attempts to create a webshell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GLPI < 9.4.6

Auth required

Prerequisites: Valid GLPI credentials · Access to WiFi network management feature · Write access to backup functionality

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 8 stars

by 0xdreadnaught · poc

https://github.com/0xdreadnaught/cve-2020-11060-poc

View Code ZIP pw:eip

This PoC exploits CVE-2020-11060, a remote code execution vulnerability in GLPI. The script sends a malicious payload to the target system, leveraging a command injection flaw in the application.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GLPI (version not specified)

No auth needed

Prerequisites: Network access to the target GLPI instance · Python environment with required libraries (requests, lxml)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Third Party Advisory x_refsource_confirm

https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f

Patch, Third Party Advisory x_refsource_misc

https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c

View Patch ZIP pw:eip

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/163119/GLPI-9.4.5-Remote-Code-Execution.html

Scores

CVSS v3 7.4

EPSS 0.1095

EPSS Percentile 95.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Details

CWE

CWE-352 CWE-74

Status published

Products (1)

glpi-project/glpi < 9.4.6

Published May 12, 2020

Tracked Since Feb 18, 2026