CVE-2023-51446

Summary

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.

Affected Software

VendorProductVersion RangeStatus
glpi-projectglpi>= 0.70, < 10.0.12affected

Weaknesses

  • CWE-90: CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
  • CWE-74: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References