GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.
References
Link | Resource |
---|---|
https://github.com/glpi-project/glpi/releases/tag/10.0.9 | Release Notes Vendor Advisory |
https://github.com/glpi-project/glpi/security/advisories/GHSA-46gp-f96h-53w4 | Vendor Advisory |
Configurations
History
27 Jul 2023, 14:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* | |
First Time |
Glpi-project
Glpi-project glpi |
|
References | (MISC) https://github.com/glpi-project/glpi/security/advisories/GHSA-46gp-f96h-53w4 - Vendor Advisory | |
References | (MISC) https://github.com/glpi-project/glpi/releases/tag/10.0.9 - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
13 Jul 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 23:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-37278
Mitre link : CVE-2023-37278
CVE.ORG link : CVE-2023-37278
JSON object : View
Products Affected
glpi-project
- glpi
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')