CVE-2023-46726 Information

Description

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11 on PHP 7.4 only the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.

Reference

https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95 https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2 https://github.com/glpi-project/glpi/releases/tag/10.0.11