Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-29250

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in.

Published

2022-06-09T20:15:08.267

Last Modified

2024-11-21T06:58:48.420

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	glpi-project	glpi	10.0.0	Yes
Application	glpi-project	glpi	10.0.0	Yes
Application	glpi-project	glpi	10.0.0	Yes
Application	glpi-project	glpi	10.0.0	Yes
Application	glpi-project	glpi	10.0.0	Yes

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-5w33-4wrx-8hvw Third Party Advisory ([email protected])
https://github.com/glpi-project/glpi/security/advisories/GHSA-5w33-4wrx-8hvw Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)