PT-2025-6927 · Glpi+1 · Glpi+1

Rootjog

·

Published

2025-02-12

·

Updated

2025-08-13

·

CVE-2025-21619

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.18
Description The issue allows an administrator user to perform a SQL injection through the rules configuration forms.
Recommendations For versions prior to 10.0.18, update to version 10.0.18 to resolve the issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

ALT-PU-2025-10163
ALT-PU-2025-4115
CVE-2025-21619
GHSA-PCMC-XV3G-HJXV

Affected Products

Alt Linux
Glpi