PT-2023-13340 · Glpi · Glpi Cartography Plugin

Nuri Çilengir · Published 2023-04-16 · Updated 2025-02-06 · CVE-2022-34128

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GLPI Cartography plugin versions prior to 6.0.1

Description

The issue allows remote code execution via PHP code in the POST data to "front/upload.php". This enables an attacker to execute arbitrary PHP code on the server.

Recommendations

For GLPI Cartography plugin versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "front/upload.php" endpoint to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-34128
GHSA-947X-G9G9-RCMX

Affected Products

Glpi Cartography Plugin