Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-34127. PoCs published by Nuri Çilengir.
AI-analyzed exploit summary: This exploit demonstrates an unauthenticated Local File Inclusion (LFI) vulnerability in GLPI Manageentities plugin versions prior to 4.0.2. The PoC uses a crafted HTTP GET request to traverse directories and read arbitrary files, such as the hosts file.
Description
The Manageentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
Exploits (1)
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N