9 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-31056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected version...
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration) Vulnerability
ADVISORY INFORMATION Exploit Title: GLPI v10.0.2 - SQL Injection Authentication Depends on Configuration Application: GLPI =10.0.0, 10.0.3 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
GLPI 10.0.2 SQL Injection / Remote Code Execution
ADVISORY INFORMATION Exploit Title: GLPI v10.0.2 - SQL Injection Authentication Depends on Configuration Date of found: 11 Jun 2022 Application: GLPI =10.0.0, 10.0.3 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
ADVISORY INFORMATION Exploit Title: GLPI v10.0.2 - SQL Injection Authentication Depends on Configuration Date of found: 11 Jun 2022 Application: GLPI =10.0.0, 10.0.3 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
CVE-2022-31056
creationtimestamp| type| source ---|---|--- 2022-06-28 22:42:33+00:00| seen| https://t.me/cibsecurity/45327...
CVE-2022-31056
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms Ticket/Change/Problem permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and...
CVE-2022-31056 SQL injection with _actor parameter in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms Ticket/Change/Problem permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and...
CVE-2022-31056 SQL injection with _actor parameter in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms Ticket/Change/Problem permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and...
CVE-2022-31056
GLPI prior to 10.0.2 is affected by a SQL injection in the actor field across Help forms (Ticket/Change/Problem). The underlying issue is lack of validation of external input in those actor fields, enabling potentially unauthorized SQL commands. The vulnerability is fixed in GLPI version 10.0.2; ...