Unrated severityNVD Advisory· Published Dec 13, 2023· Updated Aug 2, 2024

glpi Authenticated SQL Injection

CVE-2023-43813

Description

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue.

Affected products

Glpi Project/Glpiv5
Range: >= 10.0.0, < 10.0.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490e75emitrex_refsource_MISC
github.com/glpi-project/glpi/releases/tag/10.0.11mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000