CVE-2023-42802

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 2, 2023
Updated: Nov 9, 2023
CWE ID 434
CWE ID 20

Summary

CVE-2023-42802 is a vulnerability affecting GLPI, a free asset and IT management software. Versions 10.0.7 and earlier are impacted. An unverified object instantiation flaw allows unauthorized upload of malicious PHP files into unwanted directories. Depending on web server configuration and accessible system libraries, these files can be executed through a web server request, potentially leading to security compromises. The issue is resolved in version 10.0.10. As a temporary measure, administrators can deny write access to `/ajax` and `/front` directories for the web server.
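One way to audit the temporary workaround above, as an added example that is not code from GLPI or from this advisory: it walks the `ajax` and `front` directories and lists every directory whose owner, group or other mode bits would let the web server account write into it. The install path and account name given on the command line are assumptions, and POSIX ACLs and uid 0 are not taken into account.

```python
import os
import stat
import sys

# Directories named in the advisory's workaround, relative to the GLPI root.
GUARDED = ("ajax", "front")


def mode_allows_write(st, uid, gids):
    """Classic Unix check: owner bits, else group bits, else other bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_dirs(glpi_root, uid, gids):
    """Return guarded directories (subdirectories included) the account can write to."""
    findings = []
    for name in GUARDED:
        top = os.path.join(glpi_root, name)
        if not os.path.isdir(top):
            continue
        for dirpath, _dirnames, _filenames in os.walk(top):
            if mode_allows_write(os.stat(dirpath), uid, gids):
                findings.append(dirpath)
    return sorted(findings)


if __name__ == "__main__":
    import grp
    import pwd

    if len(sys.argv) != 3:
        sys.exit("usage: audit.py <glpi-root> <web-server-user>")
    root, user = sys.argv[1], sys.argv[2]  # both are site-specific assumptions
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    found = writable_dirs(root, pw.pw_uid, gids)
    for path in found:
        print(f"writable by {user}: {path}")
    sys.exit(1 if found else 0)
```

A non-zero exit status means at least one directory under `ajax` or `front` is still writable by that account.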
