Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-28849
HistoryApr 05, 2023 - 6:15 p.m.

Sql injection

2023-04-0518:15:00
PRIOn knowledge base
www.prio-n.com
1
glpi
sql injection
xss
version 10.0.7
authentication
patch
workaround

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory.

CPENameOperatorVersion
glpige10.0.0
glpilt10.0.7

Related

osv 1
cve 1
cvelist 1
nvd 1
ubuntucve 1
freebsd 1
redos 1
osv
osv
CVE-2023-28849
2023-04-05 18:15:08
cve
cve
CVE-2023-28849
2023-04-05 18:15:08
cvelist
cvelist
CVE-2023-28849 GLPI vulnerable to SQL injection and Stored XSS via inventory agent request
2023-04-05 17:41:20
nvd
nvd
CVE-2023-28849
2023-04-05 18:15:08
ubuntucve
ubuntucve
CVE-2023-28849
2023-04-05 00:00:00
freebsd
freebsd
glpi -- multiple vulnerabilities
2023-03-20 00:00:00
redos
redos
ROS-20230619-01
2023-06-19 00:00:00

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON
Related for PRION:CVE-2023-28849
osv1cve1cvelist1nvd1ubuntucve1freebsd1redos1