CVE-2024-37148

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
10/07/2024
Last modified:
07/01/2025

Description

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* 0.84 (including) 10.0.16 (excluding)