Nuri Çilengir

#6822of 53,633
39.7Total CVSS
Vulnerabilities · 5
Medium
1
High
3
Critical
1
PT-2023-29948
8.4
2023-10-22
Netmodule · Netmodule Router · CVE-2023-46306
**Name of the Vulnerable Software and Affected Versions** NetModule Router Software versions 4.6 through 4.6.0.105 NetModule Router Software versions 4.8 through 4.8.0.100 **Description** The web administration interface in NetModule Router Software executes an OS command, potentially leading to remote code execution. **Recommendations** For NetModule Router Software versions 4.6 through 4.6.0.105, update to version 4.6.0.106 or later. For NetModule Router Software versions 4.8 through 4.8.0.100, update to version 4.8.0.101 or later.
PT-2023-13337
6.5
2023-04-16
Glpi · Glpi Cmdb Plugin · CVE-2022-34125
**Name of the Vulnerable Software and Affected Versions** GLPI CMDB plugin versions prior to 3.0.3 **Description** The issue allows attackers to gain read access to sensitive information via a ` log/` pathname in the `file` parameter. This is achieved by exploiting the `front/icon.send.php` file in the CMDB plugin for GLPI. **Recommendations** For versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `front/icon.send.php` file to minimize the risk of exploitation. Avoid using the ` log/` pathname in the `file` parameter until the issue is resolved.
PT-2023-13338
7.5
2023-04-16
Glpi · Glpi Activity Plugin · CVE-2022-34126
**Name of the Vulnerable Software and Affected Versions** GLPI Activity plugin versions prior to 3.1.1 **Description** The issue allows reading local files via directory traversal in the "front/cra.send.php" file parameter. This can potentially lead to unauthorized access to sensitive information. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "front/cra.send.php" file to minimize the risk of exploitation.
PT-2023-13339
7.5
2023-04-16
Glpi · Managentities · CVE-2022-34127
**Name of the Vulnerable Software and Affected Versions** Managentities plugin versions prior to 4.0.2 for GLPI **Description** The issue allows reading local files via directory traversal in the inc/cri.class.php file parameter. **Recommendations** For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the inc/cri.class.php file to minimize the risk of exploitation.
PT-2023-13340
9.8
2023-04-16
Glpi · Glpi Cartography Plugin · CVE-2022-34128
**Name of the Vulnerable Software and Affected Versions** GLPI Cartography plugin versions prior to 6.0.1 **Description** The issue allows remote code execution via PHP code in the POST data to "front/upload.php". This enables an attacker to execute arbitrary PHP code on the server. **Recommendations** For GLPI Cartography plugin versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "front/upload.php" endpoint to minimize the risk of exploitation.