The writeup details an unsafe reflection vulnerability in GLPI <=9.5.3, where the `getItemForItemtype()` function instantiates arbitrary classes without proper input validation, allowing unauthenticated attackers to trigger sensitive operations via constructors or destructors. The analysis includes vulnerable code snippets, a proof-of-concept request, and references to technical advisories.
Classification: Writeup (95%)
Target: GLPI <=9.5.3
Authentication: No auth needed
Prerequisites: Access to the target GLPI instance · Knowledge of existing classes in the GLPI environment