Exploit for GLPI 9.2/<9.5.6 - Information Disclosure (CVE-2021-39211)

Description:

GLPI versions 9.2 and later, prior to 9.5.6, are susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

Nuclei Template

View the template here: CVE-2021-39211.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-39211.yaml

References:

https://github.com/StarCrossPortal/scalpel
https://github.com/glpi-project/glpi/releases/tag/9.5.6
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
https://nvd.nist.gov/vuln/detail/CVE-2021-39211