Security Advisory

CVE-2023-36808

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-05 20:52:48

Last updated 2024-10-18 19:39:38

Assigner GitHub_M

State PUBLISHED

Description

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.

← Browse all CVEs View on cve.org ↗