File deletion through document upload process in GLPI
CVE-2023-42462
7.7HIGH
What is CVE-2023-42462?
A file deletion vulnerability exists within GLPI, a free software solution for asset and IT management, which allows an attacker to manipulate the document upload process to potentially delete certain files. This issue affects versions 10.0.9 and earlier, and users are strongly recommended to upgrade to version 10.0.10 to mitigate risks. Unfortunately, there are no known workarounds to address this vulnerability.
Affected Version(s)
glpi >= 10.0.0, < 10.0.10