PT-2022-7392 · Glpi+2 · Glpi+2

Xanhacks · Published 2022-09-15 · Updated 2024-07-26 · CVE-2022-39376

CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4

Description: The issue is related to improper input validation in the GLPI system, which can be exploited by a remote attacker to impact the system's integrity. Users may be able to inject custom field values in mailto links.

Recommendations: For versions prior to 10.0.4, upgrade to version 10.0.4 to resolve the issue. As a temporary workaround, consider restricting the use of custom fields in mailto links until the patch is applied.


Weakness Enumeration

Related Identifiers

ALT-PU-2022-2614
ALT-PU-2022-2624
ALT-PU-2022-2665
ALT-PU-2022-3008
ALT-PU-2022-3078
ALT-PU-2022-3274
ALT-PU-2023-7633
ALT-PU-2024-8030
ALT-PU-2024-8094
BDU:2024-05800
CVE-2022-39376
GHSA-6RH5-M5G7-327W

Affected Products

Alt Linux
Glpi
Red Os