
GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoi…

Published: 14 January 2026 at 23:00:00

Alert date: 15 January 2026 at 18:11:37

Source: nvd.nist.gov


Enterprise Applications, Database & Storage

GLPI, a free asset and IT management software package, contains a SQL injection vulnerability affecting versions 11.0.0 through 11.0.2. The vulnerability allows unauthenticated users to perform SQL injection attacks through the inventory endpoint. This represents a critical security flaw as it requires no authentication and could lead to database compromise. The vulnerability has been patched in version 11.0.3. Organizations using affected GLPI versions should immediately upgrade to the fixed version to prevent potential exploitation.


Affected products: GLPI


This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
