SQL Injection Vulnerability in GLPI Asset Management Software by GLPI Project
CVE-2024-41679

8.8HIGH

Key Information:

Vendor: Glpi-project
Status: Glpi
Vendor: CVE Published:; 15 November 2024

Summary

An SQL injection vulnerability exists in GLPI, a widely used asset and IT management software package. An attacker with authenticated access can exploit this vulnerability through the ticket form to execute arbitrary SQL commands. This can lead to unauthorized data access or manipulation, which poses significant risks to the security and integrity of the IT infrastructure. Users and administrators are advised to upgrade to version 10.0.17 or later to mitigate the impact of this vulnerability.

References

https://github.com/glpi-project/glpi/security/advisories/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024