GLPI allows account takeover via SQL Injection in AJAX scripts
CVE-2024-40638
8.8HIGH
What is CVE-2024-40638?
Multiple SQL injection vulnerabilities have been identified in GLPI, a widely used open-source asset and IT management software package. These vulnerabilities can be exploited by authenticated users, enabling them to manipulate account data and potentially take control of another user's account. It is essential for users of GLPI to upgrade to version 10.0.17 to mitigate these risks and secure their systems against unauthorized access.
Affected Version(s)
glpi >= 0.85, < 10.0.17