CVE-2023-46726

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 13, 2023

Updated: Dec 18, 2023

CWE ID 74

Summary

CVE-2023-46726 is a vulnerability affecting GLPI, a free IT management software. Versions 10.0.0 to 10.0.10, running on PHP 7.4, contain a flaw in the LDAP server configuration form. An attacker can exploit this issue to execute arbitrary code that was previously uploaded as a GLPI document. The latest version, 10.0.11, includes a patch to address this security concern.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GLPI Project
Glpi-project GLPI

Affected Vendors

Teclib

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tIwZgK
https://www.cve.org/CVERecord?id=CVE-2023-46726
https://nvd.nist.gov/vuln/detail/CVE-2023-46726

Back to Vulnerability Database