CNNVD-202512-3814 Information
CNNVD ID
CNNVD-202512-3814
Related CVE
- CNNVD Published: 2025-12-19
Description (Chinese)
Database inventory plugin是GLPI Project Plugins开源的一个数据库管理插件。 Database inventory plugin 1.1.2之前版本存在代码问题漏洞,该漏洞源于用户控制数据不安全存储,可能导致任意PHP对象实例化。
Description (English)
Data inventory plugin is a database management plugin for GLPI Project Plugins. There was a code problem loophole in the pre-Database inventory plugin 1.1.2 version, which stemmed from the unsafe storage of user-controlled data, which could lead to the demonstration of any PHP object.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
GLPI Project Plugins
Published
2025-12-19
Last Modified
2026-02-24
References
https://github.com/pluginsGLPI/databaseinventory/blob/1.1.2/CHANGELOG.md#112—2025-11-25 https://github.com/pluginsGLPI/databaseinventory/commit/08c7055d2c5fc744cb092d7d56a608e359c56f1a https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-xc3r-32rx-3j4j https://access.redhat.com/security/cve/cve-2025-65035
Patch
https://github.com/pluginsGLPI/databaseinventory/releases
Share on: