CNNVD-202511-129 Information
CNNVD ID
CNNVD-202511-129
Related CVE
- CNNVD Published: 2025-11-04
Description (Chinese)
GLPI Inventory Plugin是法国GLPI开源的一种插件。用于为 GLPI 代理处理各种类型的任务。 GLPI Inventory Plugin 1.5.0及之前版本存在SQL注入漏洞,该漏洞源于用户输入未经过充分验证与转义,可能导致攻击者恶意输入操控数据库。
Description (English)
GLPI Inventory Plugin is an open source plugin for GLPI in France. To handle various types of tasks for GLPI agents. GLPI Inventory Plugin 1.5.0 and previous versions had an injection loophole in SQL, which stemmed from the fact that user input had not been sufficiently validated and converted, which could lead to the assailant entering the manipulation database in bad faith.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
GLPI
Published
2025-11-04
Last Modified
2026-02-24
References
https://github.com/glpi-project/glpi-inventory-plugin/releases/tag/1.5.1 https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-w2cp-r675-6xpq https://github.com/glpi-project/glpi-inventory-plugin/blob/1.5.1/CHANGELOG.md https://access.redhat.com/security/cve/cve-2025-32786
Patch
https://github.com/glpi-project/glpi-inventory-plugin/releases
Share on: