Name | CVE-2020-15108 |
Description | In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
glpi | source | (unstable) | (unfixed) | unimportant |
https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v
https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba
https://github.com/glpi-project/glpi/pull/6684
Only supported behind an authenticated HTTP zone