CVE-2023-29006

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub_MCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
glpi-projectorder
1.8.0 ≤
𝑥
< 2.7.7
glpi-projectorder
2.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e
https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm
https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e
https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm