GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.
History

Tue, 19 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Glpi-project
Glpi-project glpi
CPEs cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
Vendors & Products Glpi-project
Glpi-project glpi
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-10T19:18:09.444Z

Updated: 2024-11-19T14:15:49.487Z

Reserved: 2024-06-03T17:29:38.328Z

Link: CVE-2024-37148

cve-icon Vulnrichment

Updated: 2024-08-02T03:50:55.237Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-10T20:15:03.280

Modified: 2024-11-21T09:23:18.003

Link: CVE-2024-37148

cve-icon Redhat

No data.