PT-2019-12839 · Stdonato+1 · Stdonato Dashboard Plugin+1

Published

2019-06-02

Updated

2020-08-24

CVE-2019-12530

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GLPI stdonato Dashboard plugin versions through 0.9.7

Description Incorrect access control was discovered in the stdonato Dashboard plugin for GLPI, affecting several PHP files in the front/sh directory, including df.php, issue.php, load.php, mem.php, traf.php, and uptime.php.

Recommendations For versions through 0.9.7, consider restricting access to the affected PHP files until a patch is available. As a temporary workaround, limit access to the front/sh directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-12530

Affected Products

Glpi

Stdonato Dashboard Plugin

PT-2019-12839 · Stdonato+1 · Stdonato Dashboard Plugin+1

CVE-2019-12530

Weakness Enumeration

Related Identifiers

Affected Products

References · 3