CVE-2023-46726

Sažetak

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.

Reference

https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2
https://github.com/glpi-project/glpi/releases/tag/10.0.11
https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

18-12-2023 - 18:59

Objavljeno

13-12-2023 - 19:15