CVE-2024-31456

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-31456

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31456.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-31456

Aliases

GHSA-gcj4-2cp3-6h5j

Downstream

UBUNTU-CVE-2024-31456

Published

2024-05-07T14:07:08.277Z

Modified

2026-04-10T05:12:29.222955Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

GLPI contains an authenticated SQL injection

Details

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31456.json",
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

d5017d7de5636bfe5a2f13e64c685423723f7f33

Fixed

f64caeedbeda1010cfd8142d5fa0125e11568129

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31456.json"