Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GLPI Database Inventory Plugin Vulnerable to Stored Object Injection
Vulnerability Description
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration), user-controlled data is stored insecurely in the database via computergroup, and is later unserialized on every page load, allowing arbitrary PHP object instantiation. Version 1.1.2 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Database inventory plugin 代码问题漏洞
Vulnerability Description
Database inventory plugin是GLPI Project Plugins开源的一个数据库管理插件。 Database inventory plugin 1.1.2之前版本存在代码问题漏洞,该漏洞源于用户控制数据不安全存储,可能导致任意PHP对象实例化。
CVSS Information
N/A
Vulnerability Type
N/A