fransosiche

1 exploit Active since Jul 2023
CVE-2023-36808 NOMISEC HIGH WORKING POC
GLPI 0.80-10.0.7 - SQL Injection via Computer Virtual Machine Form and Inventory Request
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.
CVSS 8.6