CVE-2020-15108SQL Injection in Glpi

CWE-89SQL Injection5 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.3%
top 43.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Glpi-project Glpi
Timeline
PublishedJul 17
Latest updateJul 24

Description

In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages1 packages

NVDglpi-project/glpi< 9.5.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2020-15108: In glpi before 92020-07-17

💬Community

3
Bugzilla
CVE-2020-15108 glpi: SQL injection in all usages of Clone feature2020-07-24
Bugzilla
CVE-2020-15108 glpi: SQL injection in all usages of Clone feature [epel-7]2020-07-24
Bugzilla
CVE-2020-15108 glpi: SQL injection in all usages of Clone feature [fedora-all]2020-07-24