CVE-2020-11032 — SQL Injection in Glpi

CWE-89 — SQL Injection4 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.3%

top 45.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedMay 5

Latest updateMay 20

Description

In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5glpi-project/glpi< 9.4.6

▶NVDglpi-project/glpi9.4.5

🔴Vulnerability Details

OSV

CVE-2020-11032: In GLPI before version 9↗2020-05-05

▶

💬Community

Bugzilla

CVE-2020-11032 glpi: an SQL injection vulnerability for all helpdesk instances [fedora-all]↗2020-05-20

▶

Bugzilla

CVE-2020-11032 glpi: an SQL injection vulnerability for all helpdesk instances↗2020-05-20

▶