Unrated severityNVD Advisory· Published Dec 13, 2023· Updated Nov 19, 2024

GLPI SQL injection through inventory agent request

CVE-2023-46727

Description

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.

Affected products

Glpi Project/Glpiv5
Range: >= 10.0.0, < 10.0.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46mitrex_refsource_MISC
github.com/glpi-project/glpi/releases/tag/10.0.11mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfrmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000