Lucene search

Ubuntu.comUB:CVE-2024-37148

HistoryJul 10, 2024 - 12:00 a.m.

CVE-2024-37148

2024-07-1000:00:00

ubuntu.com

glpi

open-source

itil

sql injection

upgrade

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

Low

JSON

GLPI is an open-source asset and IT management software package that
provides ITIL Service Desk features, licenses tracking and software
auditing. An authenticated user can exploit a SQL injection vulnerability
in some AJAX scripts to alter another user account data and take control of
it. Upgrade to 10.0.16.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchglpi< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	glpi	< any	UNKNOWN

References

github.com/glpi-project/glpi/security/advisories/GHSA-p626-hph9-p6fj

launchpad.net/bugs/cve/CVE-2024-37148

nvd.nist.gov/vuln/detail/CVE-2024-37148

security-tracker.debian.org/tracker/CVE-2024-37148

www.cve.org/CVERecord?id=CVE-2024-37148

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

Low

JSON

Related for UB:CVE-2024-37148