Lucene search
GitHub_MCVELIST:CVE-2023-46727HistoryDec 13, 2023 - 6:26 p.m.
CVE-2023-46727 GLPI SQL injection through inventory agent request
2023-12-1318:26:35
CWE-89
GitHub_M
www.cve.org
6
glpi
sql injection
cve-2023-46727
version 10.0.0
version 10.0.11
patch
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
0.001
Percentile
29.9%
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.
CNA Affected
[
{
"vendor": "glpi-project",
"product": "glpi",
"versions": [
{
"version": ">= 10.0.0, < 10.0.11",
"status": "affected"
}
]
}
]Related
prion
prion
Sql injection
2023-12-13 19:15:00
osv
osv
CVE-2023-46727
2023-12-13 19:15:08
cve
cve
CVE-2023-46727
2023-12-13 19:15:08
nvd
nvd
CVE-2023-46727
2023-12-13 19:15:08
freebsd
freebsd
GLPI -- multiple vulnerabilities
2023-12-13 00:00:00
nessus
nessus
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
0.001
Percentile
29.9%
Related for CVELIST:CVE-2023-46727