3 matches found
CVE-2023-42802
GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...
CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution
GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...
CVE-2023-42802
GLPI prior to version 10.0.10 is affected by CVE-2023-42802 due to an unverified object instantiation that allows uploading malicious PHP files to unintended directories, which can be executed via a web request depending on server config and libraries. The issue is mitigated by upgrading to versi...