CVE-2025-32786

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-32786

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32786.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32786

Aliases

GHSA-w2cp-r675-6xpq

Published

2025-11-04T20:18:43Z

Modified

2025-11-06T01:20:33.911894Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection

Details

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.

Database specific

{
    "cwe_ids": [
        "CWE-89"
    ]
}

References

Affected packages

Git / github.com/glpi-project/glpi-inventory-plugin

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi-inventory-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c07a93a5f7d48c4426bce7216953a49378f997db

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.4.0

1.5.0