Dashboard Plugin up to 1.0.2 on GLPI main2.php access control

A vulnerability was found in Dashboard Plugin up to 1.0.2 on GLPI (Forum Software) and classified as critical. This issue affects an unknown code block of the file plugins/dashboard/front/main2.php. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 04/06/2021 02:04 PM | 04/10/2021 08:15 PM | 04/10/2021 08:18 PM |
|---|---|---|---|
| name | Dashboard Plugin | Dashboard Plugin | Dashboard Plugin |
| version | <=1.0.2 | <=1.0.2 | <=1.0.2 |
| platform | GLPI | GLPI | GLPI |
| file | plugins/dashboard/front/main2.php | plugins/dashboard/front/main2.php | plugins/dashboard/front/main2.php |
| cwe | 284 (privilege escalation) | 284 (privilege escalation) | 284 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_e | P | P | P |
| url | https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin | https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin | https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin |
| availability | 1 | 1 | 1 |
| publicity | 1 | 1 | 1 |
| url | https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin | https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin | https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin |
| cve | CVE-2021-30144 | CVE-2021-30144 | CVE-2021-30144 |
| date | 1617660000 (04/06/2021) | 1617660000 (04/06/2021) | 1617660000 (04/06/2021) |
| type | Forum Software | Forum Software | Forum Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_e | POC | POC | POC |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 3.6 | 3.6 | 3.6 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.1 | 4.1 | 4.1 |
| cvss3_meta_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_meta_tempscore | 4.1 | 4.1 | 4.1 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1617660000 | 1617660000 |
| cve_nvd_summary | | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. |
| cve_cna | | | MITRE |
