Vulnerability Description
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glpi-Project | Glpi | >= 10.0.0, < 10.0.11 |
Related Weaknesses (CWE)
References
- https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490Patch
- https://github.com/glpi-project/glpi/releases/tag/10.0.11Release Notes
- https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362Vendor Advisory
- https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490Patch
- https://github.com/glpi-project/glpi/releases/tag/10.0.11Release Notes
- https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362Vendor Advisory
FAQ
What is CVE-2023-43813?
CVE-2023-43813 is a vulnerability with a CVSS score of 6.5 (MEDIUM). GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 conta...
How severe is CVE-2023-43813?
CVE-2023-43813 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-43813?
Check the references section above for vendor advisories and patch information. Affected products include: Glpi-Project Glpi.