What is CVE-2021-43778?

CVE-2021-43778 is a critical-severity vulnerability in Pluginsglpi Barcode, classified under Path Traversal. CVSS score: 9.1/10. Published 2021-11-24.

How severe is CVE-2021-43778?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2021-43778 known to be exploited?

16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Pluginsglpi Barcode

CVE-2021-43778

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.904 (99.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Pluginsglpi Barcode — versions >= 2.0.0, < 2.6.1

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9 (x_refsource_CONFIRM)
github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46 (x_refsource_MISC)
github.com/hansmach1ne/MyExploits/tree/main/Path Traversal in GLPI Barcode plug… (x_refsource_MISC)
github.com/pluginsGLPI/barcode/releases/tag/2.6.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-43778?: CVE-2021-43778 is a critical-severity vulnerability in Pluginsglpi Barcode, classified under Path Traversal. CVSS score: 9.1/10. Published 2021-11-24.
How severe is CVE-2021-43778?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2021-43778 known to be exploited?: 16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.