CNNVD-202508-286 Information

CNNVD ID

CNNVD-202508-286

Related CVE

CVE-2025-54780

• CNNVD Published: 2025-08-05

Description (Chinese)

glpi-inventory-plugin是GLPI开源的一个 GLPI 库存插件。 glpi-inventory-plugin 2.0.2之前版本存在安全漏洞，该漏洞源于/ajax/screenshot.php端点存在文件泄露漏洞。

Description (English)

glpi-inventory-plugin is a GLPI inventory plugin for the GLPI open source. There was a security loophole in the previous version of glpi-inventory-plugin 2.0.2, which originated from a file leak leak at/ajax/screenshot.php endpoint.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

GLPI

Published

2025-08-05

Last Modified

2026-02-24

References

https://github.com/cconard96/glpi-screenshot-plugin/commit/49215b53a05dc792719b69c098df80100208c2c8 https://github.com/cconard96/glpi-screenshot-plugin/security/advisories/GHSA-x6mp-jhxw-9xrp https://access.redhat.com/security/cve/cve-2025-54780

Patch

https://github.com/cconard96/glpi-screenshot-plugin/releases