Home > Vulnerability Database > CVE-2024-40638

Mend.io Vulnerability Database

CVE-2024-40638

Date: November 15, 2024

GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17.

Language: PHP

Severity Score

8.1

Related Resources (3)

Url: https://github.com/glpi-project/glpi/security/advisories/GHSA-8843-r3m7-gfqx

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-40638

Url: https://www.mend.io/vulnerability-database/CVE-2024-40638

Severity Score

8.1

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-40638

Date: November 15, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?