CVE-2023-36808

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. (CVSS:9.8) (Last Update:2023-07-10 23:58:43)   Latest security vulnerabilities (SQL Injection) (CVSS score >= 4) 

​ 

 

More To Explore