Unrated severityNVD Advisory· Published Dec 13, 2023· Updated Aug 2, 2024

GLPI Remote code execution from LDAP server configuration form on PHP 7.4

CVE-2023-46726

Description

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.

Affected products

Glpi Project/Glpiv5
Range: >= 10.0.0, < 10.0.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2mitrex_refsource_MISC
github.com/glpi-project/glpi/releases/tag/10.0.11mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000