Unrated severityNVD Advisory· Published Jul 5, 2023· Updated Oct 18, 2024
GLPI vulnerable to SQL injection through Computer Virtual Machine information
CVE-2023-36808
Description
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=0.80, <10.0.8+ 1 more
- (no CPE)range: >=0.80, <10.0.8
- (no CPE)range: >= 0.80, < 10.0.8
Patches
Vulnerability mechanics
References
2- github.com/glpi-project/glpi/releases/tag/10.0.8mitrex_refsource_MISC
- github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjmmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.