CNVD (China National Vulnerability Database): CNVD-2022-60673
History: Jun 30, 2022 - 12:00 a.m.

GLPI Help Form SQL Injection Vulnerability

2022-06-30 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
18
glpi
sql injection
vulnerability
version 10.0.2

EPSS

0.002

Percentile

61.9%

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to manage IT assets: computers, monitors, servers, printers, network devices, phones, and even toner and ink cartridges. A SQL injection vulnerability exists in versions of GLPI prior to 10.0.2. It stems from a lack of validation of external input used in SQL statements in the actor field of all help forms (tickets/changes/issues). An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.
