{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T23:23:26.619","vulnerabilities":[{"cve":{"id":"CVE-2023-46726","sourceIdentifier":"security-advisories@github.com","published":"2023-12-13T19:15:07.830","lastModified":"2024-11-21T08:29:10.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue."},{"lang":"es","value":"GLPI es un paquete de software gratuito de gestión de activos y TI. A partir de la versión 10.0.0 y anteriores a la versión 10.0.11, solo en PHP 7.4, el formulario de configuración del servidor LDAP se puede utilizar para ejecutar código arbitrario cargado previamente como un documento GLPI. La versión 10.0.11 contiene un parche para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.11","matchCriteriaId":"26DF2F46-6455-4440-BB5D-75FEB6798705"}]}]}],"references":[{"url":"https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/glpi-project/glpi/releases/tag/10.0.11","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/glpi-project/glpi/releases/tag/10.0.11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}