Learn about CVE-2020-15175 affecting GLPI software. Discover the impact, technical details, and mitigation steps for this unauthenticated file deletion vulnerability.
In GLPI before version 9.5.2, a vulnerability allows an unauthenticated user to delete sensitive files, compromising user sessions and logs. The issue is tracked as CVE-2020-15175.
Understanding CVE-2020-15175
This CVE affects GLPI versions prior to 9.5.2, allowing unauthorized file deletion through a specific endpoint.
What is CVE-2020-15175?
In GLPI before version 9.5.2, the vulnerability enables an attacker to delete the .htaccess file in the files directory, granting access to sensitive information like user sessions and logs.
The Impact of CVE-2020-15175
The vulnerability has a CVSS base score of 7.4, with high severity due to its potential for compromising confidentiality, integrity, and user sessions.
Technical Details of CVE-2020-15175
This section provides detailed technical insights into the vulnerability.
Vulnerability Description
The pluginimage.send.php endpoint in GLPI before version 9.5.2 allows unauthorized deletion of the .htaccess file, exposing sensitive data.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability can be exploited by crafting malicious parameters to delete the .htaccess file, granting unauthorized access to sensitive information.
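To check web server logs for the effect described above, the following added example (not code from GLPI or from the original page) flags requests to pluginimage.send.php and any successful response for a path under the files directory, which the .htaccess file would otherwise refuse. It assumes combined-format access logs and that the files directory is served under /glpi/files/; the log lines are constructed samples.

```python
import re

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

ENDPOINT = "pluginimage.send.php"  # endpoint named in the advisory
FILES_PREFIX = "/glpi/files/"      # assumption: URL prefix of this install's files directory


def scan(lines, files_prefix=FILES_PREFIX):
    """Return (endpoint_hits, exposed_files) found in access-log lines."""
    endpoint_hits, exposed = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]  # ignore the query string
        status = int(m["status"])
        if path.endswith("/" + ENDPOINT):
            endpoint_hits.append((m["time"], m["ip"], status))
        elif path.startswith(files_prefix) and 200 <= status < 300:
            # With .htaccess in place these requests are refused; a 2xx
            # response means the directory's contents are being served.
            exposed.append((m["time"], m["ip"], path))
    return endpoint_hits, exposed


# Constructed sample lines (documentation IP ranges, made-up file name).
SAMPLE = [
    '203.0.113.5 - - [10/Sep/2020:09:13:40 +0000] "GET /glpi/files/example.log HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.7 - - [10/Sep/2020:09:14:02 +0000] "GET /glpi/front/pluginimage.send.php HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [10/Sep/2020:09:14:30 +0000] "GET /glpi/files/example.log HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - alice [10/Sep/2020:09:15:00 +0000] "GET /glpi/index.php HTTP/1.1" 200 812 "-" "-"',
]

if __name__ == "__main__":
    hits, exposed = scan(SAMPLE)
    for when, ip, status in hits:
        print(f"endpoint request  {when}  {ip}  status={status}")
    for when, ip, path in exposed:
        print(f"files dir served  {when}  {ip}  {path}")
```

Any entry in the second list means the files directory is no longer protected, regardless of how the .htaccess file went missing.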
Mitigation and Prevention
Protect your systems from CVE-2020-15175 with the following measures.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure timely installation of software updates and security patches to mitigate the risk of unauthorized file deletions.