Unrated severityNVD Advisory· Published Dec 11, 2024· Updated Dec 11, 2024

GLPI vulnerable to authenticated insecure account deletion

CVE-2024-48912

Description

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

Affected products

Glpi Project/Glpiv5
Range: >= 10.0.0, < 10.0.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/releases/tag/10.0.17mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4fmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000