Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2025-54780

The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. In versions below 2.0.2, authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2.

Published: Aug 5, 2025
Updated: Aug 6, 2025
CVE: CVE-2025-54780
Exploit:

No technical information available.

CWEs:

CWE-73

Affected Software
References

No affected software listed.

https://github.com/cconard96/glpi-screenshot-plugin/commit/49215b53a05dc792719b69c098df80100208c2c8
https://github.com/cconard96/glpi-screenshot-plugin/security/advisories/GHSA-x6mp-jhxw-9xrp

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo