GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user's account data and take control of the account. Upgrade to 10.0.17.
History
Fri, 15 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Glpi-project, Glpi-project glpi | |
CPEs | cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* | |
Vendors & Products | Glpi-project, Glpi-project glpi | |
Metrics | ssvc | |
Fri, 15 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user's account data and take control of the account. Upgrade to 10.0.17. | |
Title | GLPI allows account takeover via SQL Injection in AJAX scripts | |
Weaknesses | CWE-89 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-15T18:06:36.649Z
Updated: 2024-11-19T14:11:25.885Z
Reserved: 2024-07-08T16:13:15.511Z
Link: CVE-2024-40638
Vulnrichment
Updated: 2024-11-15T18:22:33.205Z
NVD
Status: Analyzed
Published: 2024-11-15T18:15:27.457
Modified: 2024-11-20T15:30:37.387
Link: CVE-2024-40638
Redhat
No data.