CVE-2024-27756

GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title.

CVSS

No CVSS.

References

Link	Resource
https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092	Exploit Third Party Advisory
https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

History

04 Aug 2025, 18:58

Type	Values Removed	Values Added
References	~~() https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092 -~~	() https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092 - Exploit, Third Party Advisory
First Time		Glpi-project Glpi-project glpi
CPE		cpe:2.3:a:glpi-project:glpi::::::::

26 Mar 2024, 18:15

Type	Values Removed	Values Added
Summary	~~An issue in GLPI v.10.0.12 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the title field.~~	GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title.

15 Mar 2024, 12:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-15 07:15

Updated : 2025-08-04 18:58

NVD link : CVE-2024-27756

Mitre link : CVE-2024-27756

JSON object : View

Products Affected

glpi-project

CWE

No CWE.