Lucene search
HistoryJul 13, 2023 - 11:15 p.m.
CVE-2023-37278
glpi
sql injection
patched
version 10.0.9
administrator
dashboards
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
32.5%
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.
Affected configurations
Node
glpi-projectglpiRange<10.0.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| glpi-project | glpi | * | cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2023-07-13 23:15:00
cvelist
cvelist
CVE-2023-37278 GLPI vulnerable to SQL injection via dashboard administration
2023-07-13 22:37:29
redos
redos
ROS-20240328-01
2024-03-28 00:00:00
cve
cve
CVE-2023-37278
2023-07-13 23:15:10
freebsd
freebsd
GLPI vulnerable to SQL injection via dashboard administration
2023-07-13 00:00:00
osv
osv
CVE-2023-37278
2023-07-13 23:15:10
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
32.5%
Related for NVD:CVE-2023-37278