Published: 28/06/2022 Updated: 07/07/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
glpi-project glpi

PoC for GLPI CVE-2022-31061

CVE-2022-31061 PoC for GLPI CVE-2022-31061 A Proof of Concept for GLPI >= 930 and < 1002 - Unauthenticated SQL injection on login page Legal disclaimer : Use of this script for attacking à target without mutual consent is illegal It's is the end user responsibility to obey all applicables laws for his location Developers assume no lisibility and a

PoC for GLPI CVE-2022-31061

CVE-2022-31061 PoC for GLPI CVE-2022-31061 A Proof of Concept for GLPI >= 930 and < 1002 - Unauthenticated SQL injection on login page Legal disclaimer : Use of this script for attacking à target without mutual consent is illegal It's is the end user responsibility to obey all applicables laws for his location Developers assume no lisibility and a

CWE-89 https://github.com/glpi-project/glpi/security/advisories/GHSA-w2gc-v2gm-q7wq https://github.com/glpi-project/glpi/commit/21ae07d00d0b3230f6235386e98388cfc5bb0514 https://nvd.nist.gov https://github.com/Vu0r1-sec/CVE-2022-31061

CVE-2022-31061

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect