{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T07:38:47.462","vulnerabilities":[{"cve":{"id":"CVE-2024-40638","sourceIdentifier":"security-advisories@github.com","published":"2024-11-15T18:15:27.457","lastModified":"2024-11-20T15:30:37.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17."},{"lang":"es","value":"GLPI es un paquete de software gratuito de gestión de activos y TI. Un usuario autenticado puede explotar múltiples vulnerabilidades de inyección SQL. Una de ellas puede utilizarse para alterar los datos de la cuenta de otro usuario y tomar el control de esta. Actualice a la versión 10.0.17."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*","versionStartIncluding":"0.85","versionEndExcluding":"10.0.17","matchCriteriaId":"EF1CB35A-7DA0-4413-83E8-C8AFA528212D"}]}]}],"references":[{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-8843-r3m7-gfqx","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}