CVE-2023-36808

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 5, 2023

Updated: Jul 10, 2023

CWE ID 89

Summary

CVE-2023-36808 is a vulnerability affecting GLPI, a free IT management software. In versions prior to 10.0.8, SQL injection attacks can be executed through the Computer Virtual Machine form and GLPI inventory request. This issue allows unauthorized users to access sensitive data or even take control of the system. To mitigate the risk, users can apply the patch available in version 10.0.8 or disable the native inventory feature as a temporary workaround.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GLPI Project
Glpi-project GLPI

Affected Vendors

Teclib

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzcbIy
https://www.cve.org/CVERecord?id=CVE-2023-36808
https://nvd.nist.gov/vuln/detail/CVE-2023-36808

Back to Vulnerability Database