CVE-2022-35947
Description
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset
and IT Management Software package that provides ITIL Service Desk
features, license tracking and software auditing. Affected versions have
been found to be vulnerable to a SQL injection attack which an attacker
could leverage to simulate an arbitrary user login. Users are advised to
upgrade to version 10.0.3. Users unable to upgrade should disable the
`Enable login with external token` API configuration.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35947
https://github.com/glpi-project/glpi/commit/564309d2c1180d5ba1615f4bbaf6623df81b4962
https://github.com/glpi-project/glpi/security/advisories/GHSA-7p3q-cffg-c8xh
https://nvd.nist.gov/vuln/detail/CVE-2022-35947
https://launchpad.net/bugs/cve/CVE-2022-35947
https://security-tracker.debian.org/tracker/CVE-2022-35947