Описание
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
7.4 High
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...
Уязвимость системы работы с заявками и инцидентами GLPI, связанная c неправильной нейтрализацией специальных элементов, используемых в команде SQL, позволяющая нарушителю провести атаку на основе времени с использованием SQL-инъекции в API REST user_token
EPSS
7.4 High
CVSS3
9.8 Critical
CVSS3