GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NTeclib Edition Glpi
APPTeclib-Editionβ€ 11.0.6
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
Related vulnerabilities
CVE-2026-22248HIGH8.0ten sam produkt
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, lice...
CVE-2026-25937MEDIUM6.5ten sam produkt
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0....
CVE-2026-23489CRITICAL9.1PL βten sam vendor
RCE przez tworzenie dropdownΓ³w w pluginie Fields dla GLPI
CVE-2021-43779CRITICAL9.9ten sam vendor
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing...
CVE-2019-12723CRITICAL9.8ten sam vendor
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via contai...