Описание
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation of this vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| questing | DNE |
Показывать по
Ссылки на источники
4 Medium
CVSS2
4.9 Medium
CVSS3
Связанные уязвимости
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability.
GLPI is a free asset and IT management software package. Prior to vers ...
Уязвимость системы работы с заявками и инцидентами GLPI, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнять произвольный SQL-запрос
4 Medium
CVSS2
4.9 Medium
CVSS3