CVE-2024-27096

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
18/03/2024
Last modified:
02/01/2025

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* 0.65 (including) 10.0.13 (excluding)