CVE-2022-29250

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29250

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29250.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-29250

Related

GHSA-5w33-4wrx-8hvw
UBUNTU-CVE-2022-29250

Published

2022-06-09T20:15:08Z

Modified

2025-01-14T10:57:56.743212Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in.

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-5w33-4wrx-8hvw

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

26a36ecfbe427ffaaa5fc666f9d8e68e04e173b7

Last affected

815997021a5df4feb7077a12f6f52769e9bd3459

Last affected

89c9c67945b4f510e855b54e6a7ce659f8276a08

Last affected

9e5ec4000ae8b5789cd8ba60dee1220256afc18b

Last affected

c0c3d0aeced8b89dd6cb6fd0a0ba768d5858f337

Affected versions

0.*

0.90

0.90-RC1

0.90-RC2

0.90-beta1

0.90-beta2

0.90.1

10.*

10.0.0-beta

10.0.0-rc1

9.*

9.1

9.1-RC1

9.1-RC2

9.3-beta

9.4.0

9.4.0-beta

9.4.0-rc1

9.4.0-rc2

9.4.1

9.4.1.1

9.4.2

9.4.3

9.4.4

9.4.5

9.4.6

9.5.0

9.5.0-rc1

9.5.0-rc2

9.5.1

9.5.2

9.5.3

9.5.4

9.5.5

9.5.6

9.5.7