Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-37278

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.

Published

2023-07-13T23:15:10.963

Last Modified

2024-11-21T08:11:22.860

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	glpi-project	glpi	< 10.0.9	Yes

References

https://github.com/glpi-project/glpi/releases/tag/10.0.9 Release Notes, Vendor Advisory ([email protected])
https://github.com/glpi-project/glpi/security/advisories/GHSA-46gp-f96h-53w4 Vendor Advisory ([email protected])
https://github.com/glpi-project/glpi/releases/tag/10.0.9 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/glpi-project/glpi/security/advisories/GHSA-46gp-f96h-53w4 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)