GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.
2024-03-18T17:15:06.593
2025-01-02T15:53:19.737
Analyzed
CVSSv3.1: 6.4 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | glpi-project | glpi | < 10.0.13 | Yes |