Lucene search
+L

5 matches found

ubuntucve
ubuntucve
added 2023/07/05 9:15 p.m.7 views

CVE-2023-36808

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

9.8CVSS7.2AI score0.47557EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2023/07/05 8:52 p.m.11 views

CVE-2023-36808 GLPI vulnerable to SQL injection through Computer Virtual Machine information

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

8.6CVSS8.1AI score0.47557EPSS
Exploits1References2
cve
cve
added 2023/07/05 8:52 p.m.72 views

CVE-2023-36808

GLPI (asset and IT management software) has a SQL injection vulnerability affecting versions prior to 10.0.8, involving the Computer Virtual Machine form and GLPI inventory request. The issue is addressed by a patch in version 10.0.8; as a workaround, disable native inventory. Other security sour...

9.8CVSS9.6AI score0.47557EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/07/05 8:52 p.m.35 views

CVE-2023-36808 GLPI vulnerable to SQL injection through Computer Virtual Machine information

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

8.6CVSS10AI score0.47557EPSS
Exploits1References2
osv
osv
added 2023/07/05 8:52 p.m.16 views

CVE-2023-36808 GLPI vulnerable to SQL injection through Computer Virtual Machine information

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

8.6CVSS9.6AI score0.47557EPSS
Exploits1References4
Rows per page
Query Builder