CVE-2023-37278: SQL Injection in GLPI

CWE-89: SQL Injection | 2 documents | 2 sources
Severity
9.1 CRITICAL (NVD)
EPSS
0.3%
top 46.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 13

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.3 | Impact: 6.0

Affected Packages (2 packages)

NVD: glpi-project/glpi < 10.0.9
CVEListV5: glpi-project/glpi >= 9.5.0, < 10.0.9

🔴 Vulnerability Details

1
OSV
CVE-2023-37278: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing (2023-07-13)