
We found results for “”
CVE-2025-54780
Good to know:

Date: August 4, 2025
The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. In versions below 2.0.2, authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2.
Severity Score
Related Resources (4)
Severity Score
Weakness Type (CWE)
External Control of File Name or Path
CWE-73Top Fix

Upgrade Version
Upgrade to version https://github.com/cconard96/glpi-screenshot-plugin.git - v2.0.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |