github glpi-project/glpi 9.5.13

latest releases: 10.0.17, 11.0.0-alpha, 10.0.16...
19 months ago

Download it

This release fixes several security issues that have been recently discovered. Update is recommended!

You can download the GLPI 9.5.13 archive on GitHub.

You will find below the list of security issues fixed in this bugfixes version:

  • [SECURITY - High] Account takeover by authenticated user (CVE-2023-28632).
  • [SECURITY - High] SQL injection through dynamic reports (CVE-2023-28838).
  • [SECURITY - Moderate] Stored XSS through dashboard administration (CVE-2023-28852).
  • [SECURITY - Moderate] Stored XSS on external links (CVE-2023-28636).
  • [SECURITY - Moderate] Reflected XSS in search pages (CVE-2023-28639).
  • [SECURITY - Moderate] Privilege Escalation from technician to super-admin (CVE-2023-28634).
  • [SECURITY - Low] Blind Server-Side Request Forgery (SSRF) in RSS feeds (CVE-2023-28633).

Regards.

Don't miss a new glpi release

NewReleases is sending notifications on new releases.