CVE-2020-15175

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 9.5.2

Description The issue allows a user to specify an image from a plugin through the "pluginimage.send.php" endpoint. The parameters can be maliciously crafted to delete the .htaccess file for the files directory, enabling any user to read all the files and folders contained in "/files/". This compromises sensitive information, including user sessions and logs. An attacker can obtain the Administrator's session token and use it to authenticate.

Recommendations For versions prior to 9.5.2, update to version 9.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the "pluginimage.send.php" endpoint until the update is applied. Additionally, monitor the "/files/" directory for any unauthorized access or changes.