CVE Daily

CVE-2025-21619

GLPI is a free asset and IT management software package. An administrator user c...

Critical CVSS 9.8

Overview

GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.

CWE: CWE-89 Published: 2025-03-18T19:15:47.997
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: sql (tag impact: MODERATE)

Recommended actions:

  • Use parameterized queries/ORM (avoid string concatenation).
  • Add WAF rules and input validation.

Recommended tools

Tags