CVE-2022-31061: SQL injection on login page in GLPI
First published: Tue Jun 28 2022(Updated: )
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GLPI | >=9.3.0<9.5.8 | |
| GLPI | >=10.0.0<10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-31061?
CVE-2022-31061 is categorized as a high severity SQL injection vulnerability.
How do I fix CVE-2022-31061?
To fix CVE-2022-31061, upgrade to GLPI version 10.0.3 or later.
What versions of GLPI are affected by CVE-2022-31061?
CVE-2022-31061 affects GLPI versions from 9.3.0 to 9.5.8 and 10.0.0 to 10.0.2.
Can CVE-2022-31061 be exploited without user credentials?
Yes, CVE-2022-31061 can be exploited on the login page without needing user credentials.
What type of vulnerability is CVE-2022-31061?
CVE-2022-31061 is a SQL injection vulnerability in the GLPI software.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/glpi-project
- canonical/glpi
- version/glpi/9.3.0
- version/glpi/10.0.0