CVE-2026-25936

Published: Mar 17, 2026 Last Modified: Mar 17, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Authentication Access Control

Potential Impacts:

Execute Unauthorized Code Or Commands Read Application Data Gain Privileges Or Assume Identity Bypass Protection Mechanism Modify Application Data

Applicable Platforms

Languages: Not Language-Specific, SQL

Technologies: Database Server

Likelihood of Exploit: High

View CWE Details

https://github.com/glpi-project/glpi/security/advisories/GH…

https://github.com/glpi-project/glpi/security/advisories/GHSA-qw3x-7vv2-7759

CVE-2026-25936

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter