CVE-2023-51446

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 1, 2024

Updated: Feb 7, 2024

CWE ID 90

CWE ID 74

Summary

CVE-2023-51446 is a vulnerability affecting GLPI, a popular Free Asset and IT Management Software package. If an authentication process uses an LDAP server, an attacker can exploit the vulnerability by injecting malicious LDAP commands into the authentication form. Successful exploitation could lead to unauthorized access to the IT management system. To mitigate this risk, users are advised to upgrade GLPI to version 10.0.12 as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GLPI Project
Glpi-project GLPI

Affected Vendors

Teclib
Glpi-project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t29VQL
https://www.cve.org/CVERecord?id=CVE-2023-51446
https://nvd.nist.gov/vuln/detail/CVE-2023-51446

Back to Vulnerability Database