GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.

Basic Information

ID CVE-2025-32786

Source GitHub_M

Published Nov 4, 2025 at 20:18

Affected Product

Vendor glpi-project

Product glpi-inventory-plugin

Version < 1.5.1

Affected Versions glpi-project glpi-inventory-plugin < 1.5.1

CWE Classification

CWE-89

References

{
    "lastseen": "",
    "description": "The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.",
    "published": "2025-11-04T20:18:43.581Z",
    "modified": "2025-11-04T20:18:43.581Z",
    "type": "cve",
    "title": "GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection",
    "source": "GitHub_M",
    "references": "https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-w2cp-r675-6xpq\nhttps://github.com/glpi-project/glpi-inventory-plugin/blob/1.5.1/CHANGELOG.md\nhttps://github.com/glpi-project/glpi-inventory-plugin/releases/tag/1.5.1",
    "id": "CVE-2025-32786",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "glpi-project glpi-inventory-plugin < 1.5.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "glpi-inventory-plugin",
    "version": "< 1.5.1",
    "vendor": "glpi-project",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection_CVE-2025-32786