CVE-2023-37278

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-37278

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37278.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-37278

Aliases

GHSA-46gp-f96h-53w4

Downstream

UBUNTU-CVE-2023-37278

Published

2023-07-13T22:37:29.892Z

Modified

2026-04-10T05:00:29.757840Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

GLPI vulnerable to SQL injection via dashboard administration

Details

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37278.json"
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

9fa6de558a9987561b80afd57a796a3fa19deee6

Fixed

48381dbb715dc0b92ffd789604b9cb2fd695e5b5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37278.json"