CVE-2023-42462

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Sep 27, 2023

Updated: Sep 29, 2023

CWE ID 434

CWE ID 22

Summary

CVE-2023-42462 is a vulnerability affecting GLPI, a popular Free Asset and IT Management Software package. The issue resides in the document upload process, which can be manipulated to delete files surreptitiously. Affected versions include those prior to 10.0.10. Users are strongly urged to upgrade to the latest version as no workarounds are currently available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GLPI Project
Glpi-project GLPI

Affected Vendors

Teclib

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/soVBQh
https://www.cve.org/CVERecord?id=CVE-2023-42462
https://nvd.nist.gov/vuln/detail/CVE-2023-42462

Back to Vulnerability Database