2 matches found
CVE-2024-45608
GLPI (CVE-2024-45608) affects versions up to 10.0.18; vulnerability is a server-side SQL injection due to an issue in the preferences handling that can be triggered by an authenticated user. Root cause: missing/weak input handling in the preferences flow. Impact: high confidentiality, integrity, ...
CVE-2023-51446 GLPI LDAP Injection during authentication
GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12...