UBUNTU-CVE-2023-42461

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

glpi-project -- SQL injection in ITIL actors in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to...

CVE-2023-42461 SQL injection in ITIL actors in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

PT-2023-6847 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the use of the ITIL actors input field from the ticket form, which can be exploited to perform a SQL injection. This allows a remote attacker to potentially capture an...