CVE-2021-43778
CRITICAL | EXPLOITED IN THE WILD | NUCLEI
GLPI Barcode Plugin 2.0-2.6.0 - Path Traversal via front/send.php
Title source: LLM
Exploitation Summary
CVE-2021-43778 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including AK-blank. A Nuclei detection template is also available.
AI-analyzed exploit summary
This PoC exploits a directory traversal vulnerability in GLPI's barcode plugin to read arbitrary files, such as /etc/passwd. It sends a crafted HTTP GET request to the vulnerable endpoint and checks for the presence of 'root' in the response to confirm exploitation.
Description
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.
Exploits (1)
Nuclei Templates (1)
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N