CVE ID: CVE-2024-31705 Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface
Affected Product : GLPI - 10.X.X and last version Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. Affected Component : A remote code execution (RCE) vulnerability has been identified in the 'Shell Commands' plugin of GLPI. This vulnerability affects all versions of the software, allowing a remote attacker to execute arbitrary code on the system. Attack Vectors : A remote code execution (RCE) vulnerability has been identified in the 'Shell Commands' plugin of the GLPI (Gestionnaire Libre de Parc Informatique) system. This vulnerability is present in all versions of the plugin and allows remote attackers to execute arbitrary code on the system. The flaw stems from insufficient validation of user-supplied input within the plugin's functionality to execute shell commands. Recommendation: Deactivate the Shell Commands plugin or apply strict restrictions to its access, please note that GLPI has already removed it from its marketplace. Reference : https://github.com/V3locidad/GLPI_POC_Plugins_Shell Discoverer: Julien Mula / V3locidad _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
