CVE-2024-11955

Medium CVSS: 5.3

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.

Vendor

Glpi-project

Product

Glpi

CWE

CWE-601

Yayın Tarihi

2025-02-25 16:15:37

Güncelleme

2025-03-04 14:14:30

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-601 Glpi MEDIUM Glpi-project 2025

Referanslar

https://github.com/glpi-project/glpi/releases/tag/10.0.18 https://github.com/glpi-project/glpi/security/advisories/GHSA-g5fm-jq4j-c2c7 https://vuldb.com/?ctiid.296809 https://vuldb.com/?id.296809 https://vuldb.com/?submit.451775

Benzer Kayıtlar

High

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-25590

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-22821

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vul…

Medium

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can…

Medium

CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can…

Medium

CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.…