漏洞描述
GLPI是个人开发者的一款开源IT和资产管理软件,Barcode 是一个用于打印条码和二维码的 GLPI 插件。安装了条形码插件的 2.6.1 版之前的GLPI 实例 2.x 版容易受到路径遍历漏洞的影响,攻击者可以注入“../”来转义并读取受影响设备上的所有可读文件。
GLPI Barcode 插件路径遍历漏洞(CVE-2021-43778)
PoC代码
暂无相关漏洞推荐
-
CVE-2019-10232: Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection POC
2025-08-01 | Teclib GLPITeclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user... -
CVE-2020-11034: GLPI <9.4.6 - Open Redirect POC
2025-08-01 | GLPIGLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. -
CVE-2021-39211: GLPI 9.2/<9.5.6 - Information Disclosure POC
2025-08-01 | GLPI 9.2GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, whi... -
ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞(CVE-2021-36440) 无POC
2025-09-12 | ShowDocShowDoc 2.9.5版本存在一个高危的文件上传漏洞(CVE-2021-36440),该漏洞源于系统未能对上传文件的类型进行充分验证。攻击者可以绕过安全限制上传任意类型的危险文件,包括但不限于PH... -
CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC
2025-09-01 | Cisco HyperFlex HX Data PlatformCisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that coul...