Primary

Context

GLPI Arbitrary File Deletion Vulnerability

Vulnerability

Patched

A vulnerability in GLPI versions 0.78 prior to 10.0.25 and 11.0.0 prior to 11.0.7 allows technicians to delete arbitrary files from the filesystem, provided the webserver has write permissions on those files. This issue arises from insufficient restrictions on file deletion capabilities.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of files, potentially causing data loss or disruption of services.

Remediation

Users are advised to upgrade to GLPI version 10.0.25 or 11.0.7, both of which include the necessary patch.

Added: Jun 3, 2026, 4:26 PM

Updated: Jun 3, 2026, 4:26 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

9.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

9.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GLPI Arbitrary File Deletion Vulnerability

Vulnerability

Impact

Remediation

Affected Products

GLPI

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating