PT-2023-4273 · Glpi+2 · Glpi+2

Flegastelois · Published 2023-07-05 · Updated 2024-08-22 · CVE-2023-36808

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.7

Description: The issue is related to a lack of protection against SQL injection attacks in the GLPI system, which manages IT assets and inventory. This can be exploited by a remote attacker to execute arbitrary code. The Computer Virtual Machine form and GLPI inventory request are specifically vulnerable to this type of attack.

Recommendations: For versions 0.80 through 10.0.7, update to version 10.0.8 to apply the patch for this issue. As a temporary workaround for versions 0.80 through 10.0.7, consider disabling native inventory to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

ALT-PU-2023-4552
ALT-PU-2023-7633
ALT-PU-2024-8030
BDU:2023-04591
CVE-2023-36808
GHSA-VF5H-JH9Q-2GJM

Affected Products

Alt Linux
Glpi
Red Os