GLPI Remote code execution from LDAP server configuration form on PHP 7.4
CVE-2023-46726
7.2 HIGH
What is CVE-2023-46726?
GLPI is a widely used free asset and IT management software package. Versions 10.0.0 to 10.0.10 contain an arbitrary code execution vulnerability in the LDAP server configuration form when running on PHP 7.4. Attackers could exploit this flaw to execute arbitrary code that had previously been uploaded to the system as a GLPI document. Users should upgrade to version 10.0.11 or later, which contains the fix for this vulnerability.
Affected Version(s)
glpi >= 10.0.0, < 10.0.11