3 matches found
CVE-2023-35924
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...
CVE-2023-35924
GLPI CVE-2023-35924 covers a SQL injection in the inventory endpoint of GLPI versions 10.0.0 through prior to 10.0.8, with the endpoint requiring no authentication by default. The issue can be exploited over the network and is mitigated by upgrading to version 10.0.8, which includes a patch; as a...
CVE-2023-35924 GLPI vulnerable to SQL injection via inventory agent request
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...