CVE-2023-46727

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 13, 2023

Updated: Dec 18, 2023

CWE ID 89

Summary

CVE-2023-46727 is a vulnerability affecting GLPI, a free asset and IT management software. Versions prior to 10.0.11 contain an SQL injection vulnerability in the inventory endpoint, enabling attackers to execute malicious SQL queries. This issue can lead to unauthorized access or data theft. As a temporary solution, disabling the native inventory feature is advised. GLPI has released a patch in version 10.0.11 to address this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GLPI Project
Glpi-project GLPI

Affected Vendors

Teclib

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tIwcTz
https://www.cve.org/CVERecord?id=CVE-2023-46727
https://nvd.nist.gov/vuln/detail/CVE-2023-46727

Back to Vulnerability Database