CVE-2023-43813

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 13, 2023

Updated: Dec 18, 2023

CWE ID 89

Summary

CVE-2023-43813 is a vulnerability affecting GLPI, a free IT management software. In versions prior to 10.0.11, the saved search feature contains a SQL injection flaw. An attacker may exploit this issue by crafting malicious search queries, potentially gaining unauthorized access to sensitive data or making unintended modifications. Users are advised to upgrade to version 10.0.11, which includes a patch to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GLPI Project
Glpi-project GLPI

Affected Vendors

Teclib

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swxusg
https://www.cve.org/CVERecord?id=CVE-2023-43813
https://nvd.nist.gov/vuln/detail/CVE-2023-43813

Back to Vulnerability Database