FreeBSD: VID-68958e18-ed94-11ed-9688-b42e991fc52e (CVE-2023-28639): glpi -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | May 8, 2023 | May 16, 2023 | Dec 10, 2025 |
Description
glpi Project reports:

Multiple vulnerabilities found and fixed in this version:

- High CVE-2023-28849: SQL injection and Stored XSS via inventory agent request.
- High CVE-2023-28632: Account takeover by authenticated user.
- High CVE-2023-28838: SQL injection through dynamic reports.
- Moderate CVE-2023-28852: Stored XSS through dashboard administration.
- Moderate CVE-2023-28636: Stored XSS on external links.
- Moderate CVE-2023-28639: Reflected XSS in search pages.
- Moderate CVE-2023-28634: Privilege Escalation from technician to super-admin.
- Low CVE-2023-28633: Blind Server-Side Request Forgery (SSRF) in RSS feeds.
Solution
freebsd-upgrade-package-glpi