CVE-2024-41679
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Nov 15, 2024
CWE ID 89
Summary
CVE-2024-41679 is a SQL injection vulnerability affecting GLPI, a widely used free asset and IT management software package. An authenticated user can exploit this weakness in the ticket form, potentially gaining unauthorized access to sensitive data. To mitigate this risk, users should upgrade their GLPI installation to version 10.0.17. Successful exploitation could lead to data theft or system compromise, making this a significant security concern for organizations that rely on GLPI for IT management.
Affected Products
- GLPI Project
Affected Vendors
- Teclib