Description: GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Attack Vector: Network
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages: 2 packages
🔴 Vulnerability Details (1)
OSV: CVE-2026-25936: GLPI is a free Asset and IT management software package (2026-03-17)
🕵️ Threat Intelligence (11)
Wiz: CVE-2026-22044 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2023-53943 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2025-64516 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2026-22248 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2025-64520 Impact, Exploitability, and Mitigation Steps | Wiz