CVE-2025-54780
Published
CVSS v3
7.7
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. In versions below 2.0.2, authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2.
Take a screenshot or screen recording directly from GLPI and attach it to a ticket, change or problem
GitHub