Unrated severityNVD Advisory· Published Jul 13, 2023· Updated Oct 18, 2024

GLPI vulnerable to SQL injection via dashboard administration

CVE-2023-37278

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.

Affected products

Glpi Project/Glpiv5
Range: >= 9.5.0, < 10.0.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/releases/tag/10.0.9mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-46gp-f96h-53w4mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000