CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-29250

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.4%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 4.0

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-5w33-4wrx-8hvw
https://github.com/glpi-project/glpi/security/advisories/GHSA-5w33-4wrx-8hvw

Products affected by CVE-2022-29250

Glpi-Project » Glpi » Version: 10.0.0

cpe:2.3:a:glpi-project:glpi:10.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29250

Products

Pricing

Contact Us