CNNVD-202507-3773 Information

CNNVD ID

CNNVD-202507-3773

CVE-2025-52567

  • CNNVD Published: 2025-07-30

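Description (translated from Chinese)

GLPI is an open-source IT and asset management software from GLPI. The software provides a full-featured IT resource management interface, which you can use to build a database for comprehensive management of IT computers, monitors, servers, printers, network devices, telephones, and even toner cartridges and ink cartridges. GLPI versions 0.84 through 10.0.18 contain a code issue vulnerability, which stems from improper use of RSS feeds or external calendars and may lead to server-side request forgery.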

Description (English)

GLPI is an open-source IT and asset management software from GLPI. The software provides a fully functional IT resource management interface, which you can use to create a database that manages IT computers, monitors, servers, printers, network equipment, telephones, and even toner and ink cartridges. GLPI versions 0.84 to 10.0.18 contain a code issue vulnerability, which stems from the improper use of RSS feeds or external calendars and may lead to server-side request forgery (SSRF).

Hazard Level

Critical

Vulnerability Type

Code issue

Affected Vendor

GLPI

Published

2025-07-30

Last Modified

2026-02-24

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-5mp6-mgmh-vrq7

https://access.redhat.com/security/cve/cve-2025-52567

Patch

https://glpi-project.org/downloads/
