CVE-2023-42461: SQL injection in ITIL actors in GLPI
First published: Tue Sep 26 2023(Updated: )
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GLPI-PROJECT GLPI | >=10.0.0<10.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-42461?
CVE-2023-42461 is a vulnerability in GLPI software that allows SQL injection through the ITIL actors input field in the Ticket form.
How severe is CVE-2023-42461?
CVE-2023-42461 has a severity rating of critical with a CVSS score of 9.8.
What software is affected by CVE-2023-42461?
GLPI software version 10.0.0 to 10.0.10 is affected by CVE-2023-42461.
How can I fix CVE-2023-42461?
To fix CVE-2023-42461, users are advised to apply the latest security patch provided by the GLPI project.
Where can I find more information about CVE-2023-42461?
More information about CVE-2023-42461 can be found in the GLPI project's security advisory on GitHub.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/glpi-project
- canonical/glpi-project glpi
- version/glpi-project glpi/10.0.0