Open Redirect Vulnerability in GLPI by GLPI Project
CVE-2024-11955

5.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 25 February 2025

Badges

📰 News Worthy

What is CVE-2024-11955?

A vulnerability exists in GLPI versions up to 10.0.17, in the /index.php file. The 'redirect' argument is handled improperly, which allows a remote attacker to trigger an open redirect. Publicly disclosed exploits could be used against it, so users should upgrade to GLPI version 10.0.18 or later to mitigate this risk.

Affected Version(s)

GLPI 10.0.0

GLPI 10.0.1

GLPI 10.0.2

News Articles

VuXML: glpi-project -- GLPI multiple vulnerabilities

CVE-2024-11955: A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The...

References

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 📰 First article discovered by VuXML

  • Vulnerability published

  • Vulnerability Reserved