FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GLPI -- multiple vulnerabilities

Affected packages
		glpi	<	10.0.16,1

Details

VuXML ID	6091d1d8-4347-11ef-a4d4-080027957747
Discovery	2024-06-03
Entry	2024-07-16

GLPI team reports:

GLPI 10.0.16 Changelog

[SECURITY - high] Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)

[SECURITY - high] Remote code execution through the plugin loader (CVE-2024-37149)

[SECURITY - moderate] Authenticated file upload to restricted tickets (CVE-2024-37147)

[source]

References

CVE Name	CVE-2024-37147
CVE Name	CVE-2024-37148
CVE Name	CVE-2024-37149
URL	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37147
URL	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37148
URL	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37149
URL	https://github.com/glpi-project/glpi/releases/tag/10.0.16