Lucene search
K

4 matches found

UbuntuCve
UbuntuCve
added 2023/09/27 3:19 p.m.15 views

CVE-2023-41324

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised t...

8.8CVSS7.2AI score0.00737EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/26 10:37 p.m.36 views

CVE-2023-41324 Account takeover through API in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised t...

8.1CVSS8.8AI score0.00737EPSS
Exploits0References1
OSV
OSV
added 2023/09/26 10:37 p.m.35 views

CVE-2023-41324 Account takeover through API in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised t...

8.1CVSS8.4AI score0.00737EPSS
Exploits0References3
CVE
CVE
added 2023/09/26 10:37 p.m.2522 views

CVE-2023-41324

GLPI (Gestionnaire Libre de Parc Informatique) vulnerability CVE-2023-41324 is evidenced in connected records as a SQL injection flaw in GLPI’s search functionality. Affected are GLPI versions prior to 10.0.13 (per PT Security entries); authenticated users can exploit the flaw to access or extrac...

8.8CVSS8.2AI score0.00737EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder