CVE-2021-43779 CRITICAL

CVE-2021-43779: Remote Command Execution vulnerability

Vendor: Pluginsglpi
Product: addressing
Weakness: CWE-20 · Input validation
Published: January 5, 2022
Last update: September 8, 2025

CVSS base score

9.9/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01 Description

GLPI is an open source IT asset management, issue tracking and service desk system. Versions of the GLPI addressing plugin before 2.9.1 suffer from an authenticated Remote Code Execution vulnerability that allows access to the server's underlying operating system through command injection via abuse of functionality. There is no workaround for this issue; users are advised to upgrade or to disable the addressing plugin.

Key dates

02 Disclosure timeline

January 5, 2022: CVE published
September 8, 2025: Record updated