PT-2026-25960 · WordPress+1 · Glpi Inventory Plugin+1
Sofianeelhor
·
Publicado
2026-03-17
·
Atualizado
2026-05-24
·
CVE-2026-26001
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GLPI Inventory Plugin versions prior to 1.6.6
Description
The GLPI Inventory Plugin manages network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to version 1.6.6, unsanitized user input could lead to an SQL injection when generating reports, requiring appropriate permissions. The
reports functionality is susceptible to this issue due to improper handling of user-supplied data.Recommendations
Upgrade to GLPI Inventory Plugin version 1.6.6 or later.
Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Glpi Inventory Plugin
Red Os