Unrated severityNVD Advisory· Published Jun 28, 2022· Updated Apr 23, 2025

SQL injection on login page in GLPI

CVE-2022-31061

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Affected products

Glpi Project/Glpiv5
Range: >= 9.3.0, < 9.5.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/commit/21ae07d00d0b3230f6235386e98388cfc5bb0514mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-w2gc-v2gm-q7wqmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.037
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000