CVE-2026-25936

Опубликовано: 17 мар. 2026

Источник: nvd

CVSS3: 6.5

CVSS3: 8.8

EPSS Низкий

Описание

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.

Ссылки

https://github.com/glpi-project/glpi/security/advisories/GHSA-qw3x-7vv2-7759
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:teclib-edition:glpi:*:*:*:*:*:*:*:*

Версия от 11.0.0 (исключая) до 11.0.6 (включая)

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

CVE-2026-25936

CVSS3: 6.5

ubuntu

15 дней назад

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.

CVE-2026-25936

CVSS3: 6.5

debian

15 дней назад

GLPI is a free Asset and IT management software package. Starting in v ...

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-89