Vulnerability CVE-2023-36808
Published: 2023-07-05

Description:
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.

Type:

CWE-89

 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjm
https://github.com/glpi-project/glpi/releases/tag/10.0.8
Copyright 2026, cxsecurity.com

 

Back to Top