HIGH🇵🇱 Wersja polska

CVE-2026-22248

CVSS 8.0v3.1pub. 2026-03-11upd. 2026-03-20

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Teclib Edition Glpi

    APP
    Teclib-Edition
    11.0.0 – 11.0.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2026-25937MEDIUM6.5ten sam produkt

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0....

CVE-2026-25936MEDIUM6.5ten sam produkt

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0....

CVE-2026-23489CRITICAL9.1PL ✓ten sam vendor

RCE przez tworzenie dropdownów w pluginie Fields dla GLPI

CVE-2021-43779CRITICAL9.9ten sam vendor

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing...

CVE-2019-12723CRITICAL9.8ten sam vendor

An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via contai...