GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NTeclib Edition Glpi
APPTeclib-Edition≤ 11.0.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Powiązane podatności
CVE-2026-22248HIGH8.0ten sam produkt
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, lice...
CVE-2026-25937MEDIUM6.5ten sam produkt
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0....
CVE-2026-23489CRITICAL9.1PL ✓ten sam vendor
RCE przez tworzenie dropdownów w pluginie Fields dla GLPI
CVE-2021-43779CRITICAL9.9ten sam vendor
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing...
CVE-2019-12723CRITICAL9.8ten sam vendor
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via contai...