{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T12:40:15.923","vulnerabilities":[{"cve":{"id":"CVE-2023-41320","sourceIdentifier":"security-advisories@github.com","published":"2023-09-27T15:19:29.297","lastModified":"2024-11-21T08:21:03.940","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gestión de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditoría de software. La gestión de preferencias del diseño de la interfaz de usuario se puede secuestrar para provocar una inyección de SQL. Esta inyección se puede utilizar para hacerse cargo de una cuenta de administrador. Se recomienda a los usuarios que actualicen a la versión 10.0.10. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.10","matchCriteriaId":"AC43FDD9-D833-4957-830E-F6557428DB4E"}]}]}],"references":[{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}