PT-2025-31884 · Glpi · Glpi-Screenshot-Plugin

Rootjog

Published

2025-08-05

Updated

2025-08-05

CVE-2025-54780

Report an issue

CVSS v3.1

7.7

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

glpi-screenshot-plugin versions prior to 2.0.2

Description:

The glpi-screenshot-plugin allows users to take screenshots or screen recordings directly from GLPI. Authenticated users can use the `/ajax/screenshot.php` endpoint to leak files from the system or use PHP wrappers in versions prior to 2.0.2.

Recommendations:

Update to glpi-screenshot-plugin version 2.0.2 or later.

Fix

Weakness Enumeration

CWE-73

Related Identifiers

CVE-2025-54780

GHSA-X6MP-JHXW-9XRP

Affected Products

Glpi-Screenshot-Plugin

PT-2025-31884 · Glpi · Glpi-Screenshot-Plugin

Weakness Enumeration

Related Identifiers

Affected Products

References · 7