CVE-2022-31061

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31061
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31061.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31061
Aliases
  • GHSA-w2gc-v2gm-q7wq
Downstream
Published
2022-06-28T17:55:11Z
Modified
2025-11-04T20:02:14.578700Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
SQL injection on login page in GLPI
Details

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type
GIT
Repo
https://github.com/glpi-project/glpi
Events
Introduced
d5017d7de5636bfe5a2f13e64c685423723f7f33
Fixed
78dd4cd1e0019b09f50a8296b93123f1d4c08ab9
Database specific 
{
    "versions": [
        {
            "introduced": "9.3.0"
        },
        {
            "fixed": "9.5.8"
        }
    ]
}
Type
GIT
Repo
https://github.com/glpi-project/glpi
Events
Introduced
815997021a5df4feb7077a12f6f52769e9bd3459
Fixed
10873706f388795a1d0d72a028eb4ceba36f7169
Database specific 
{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.2"
        }
    ]
}

Affected versions

10.*

10.0.0
10.0.1