Home

Description

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.

PUBLISHED Reserved 2024-06-03 | Published 2024-07-10 | Updated 2024-11-19 | Assigner GitHub_M




HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

>= 0.84, < 10.0.16
affected

References

github.com/...t/glpi/security/advisories/GHSA-p626-hph9-p6fj

github.com/...t/glpi/security/advisories/GHSA-p626-hph9-p6fj

cve.org (CVE-2024-37148)

nvd.nist.gov (CVE-2024-37148)

Download JSON