CVE-2023-43813
Published 2023-12-13
Priority: P268 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 31.14% (98.0th percentile)
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glpi-project | glpi | — | — |
| glpi-project | glpi | >= 10.0.0 < 10.0.11 | 10.0.11 |
Detection & IOCs (extracted from sources)
Path: /ajax/pin_savedsearches.php
Snort rule:
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS GLPI Authenticated SQL Injection in Saved Searches (CVE-2023-43813)"; flow:established,to_server; http.uri; content:"/ajax/pin_savedsearches.php"; fast_pattern; http.request_body; content:"itemtype|3d|"; pcre:"/^[^&]*?(?:[\x27\x22\x3b\x2d\x5c\x2a\x2f]|\x25(?:2[27aAdDfF]|3[bB]|5[cC]))/R"; http.method; content:"POST"; reference:url,blog.quarkslab.com/exploiting-glpi-during-a-red-team-engagement.html; reference:cve,2023-43813; classtype:web-application-attack; sid:2067156; rev:1; metadata:affected_product GLPI, attack_target Server, tls_state TLSDecrypt, created_at 2026_01_28, cve CVE_2023_43813, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2026_01_28, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
- Inspect the POST request body for the 'itemtype=' parameter (URL-encoded as 'itemtype|3d|') followed by SQL injection characters: single/double quote, semicolon, dash, backslash, asterisk, forward slash, or their percent-encoded equivalents (%27, %22, %2a, %2d, %2f, %3b, %5c).
- The attack requires authentication (Authenticated SQL Injection); correlate with prior successful login sessions when triaging alerts.
- Affected versions are GLPI 10.0.0 through 10.0.10; presence of these versions in the asset inventory should elevate alert priority.
- The PCRE match is anchored relative to the 'itemtype=' value position (using /R continuation); tuning may be needed if the parameter order in the POST body varies across GLPI versions or client implementations.
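As an added illustration (not part of the original record or of the Emerging Threats rule itself), the following Python mirrors the matching logic of the rule above, condition by condition, over constructed request samples; the `HttpRequest` shape, the `/glpi/` path prefix and the sample bodies are assumptions chosen for the example:

```python
import re
from dataclasses import dataclass

# The PCRE from the Emerging Threats rule on this page. Snort evaluates it with
# /R, i.e. relative to the end of the preceding content match ("itemtype="), so
# here it is applied to the body slice that starts right after that marker.
# It walks the parameter value up to the next "&" and fires on the first SQL
# metacharacter (' " ; - \ * /) or its percent-encoded form (%27 %22 %3b %2d
# %5c %2a %2f, either hex case).
INJECTION_CHARS = re.compile(
    r"^[^&]*?(?:[\x27\x22\x3b\x2d\x5c\x2a\x2f]|\x25(?:2[27aAdDfF]|3[bB]|5[cC]))"
)
TARGET_PATH = "/ajax/pin_savedsearches.php"  # http.uri content match
PARAM_MARKER = "itemtype="                    # http.request_body content match


@dataclass
class HttpRequest:
    """Assumed minimal request shape; in practice this would be fed from a proxy or IDS log."""
    method: str
    uri: str
    body: str


def matches_rule(req: HttpRequest) -> bool:
    """Return True when the request satisfies every condition of sid 2067156."""
    if req.method != "POST":               # http.method; content:"POST"
        return False
    if TARGET_PATH not in req.uri:         # http.uri; content:"/ajax/pin_savedsearches.php"
        return False
    idx = req.body.find(PARAM_MARKER)      # http.request_body; content:"itemtype|3d|"
    if idx < 0:
        return False
    value = req.body[idx + len(PARAM_MARKER):]
    return INJECTION_CHARS.match(value) is not None


def triage(requests):
    """Indices of the requests that would raise the alert, for review alongside session data."""
    return [i for i, req in enumerate(requests) if matches_rule(req)]


# Constructed sample traffic (not captured data).
SAMPLE_REQUESTS = [
    HttpRequest("POST", "/glpi/ajax/pin_savedsearches.php", "itemtype=Computer&savedsearch=3"),   # benign value
    HttpRequest("POST", "/glpi/ajax/pin_savedsearches.php", "savedsearch=3&itemtype=Computer'"),  # raw quote
    HttpRequest("POST", "/glpi/ajax/pin_savedsearches.php", "itemtype=Computer%27"),              # encoded quote
    HttpRequest("GET", "/glpi/ajax/pin_savedsearches.php", ""),                                   # wrong method
    HttpRequest("POST", "/glpi/front/computer.form.php", "itemtype=Computer'"),                   # wrong path
]

if __name__ == "__main__":
    for i in triage(SAMPLE_REQUESTS):
        print(f"request {i}: matches sid 2067156 logic")
```

Two points follow directly from the regex: it keys on the first occurrence of `itemtype=` only, which is the parameter-order caveat in the list above, and its character class includes dash, slash and backslash, so a legitimate value carrying one of those (for instance a namespaced PHP class name submitted as the itemtype) would also fire and is worth checking for when tuning the rule.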
CVSS provenance
NVD (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
OSV: 8.8 HIGH
GHSA
ghsa · 2025-09-30
CVE-2025-43813 [MEDIUM] CWE-22: Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to access arbitrary CSS and JSS files and load the files multiple times via the query string in a URL.
OSV
osv · 2023-12-13 · CVSS 8.8
CVE-2023-43813 [HIGH]: GLPI is a free asset and IT management software package (description as in the summary above)
Suricata
suricata · 2026-01-28 · CVSS 6.5
CVE-2023-43813 [MEDIUM] ET WEB_SPECIFIC_APPS GLPI Authenticated SQL Injection in Saved Searches (CVE-2023-43813)
Rule: sid 2067156, rev 1; the full rule text is given under Detection & IOCs above.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490e75e
- https://github.com/glpi-project/glpi/releases/tag/10.0.11
- https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362
Published: 2023-12-13