Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2024-27098

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.

Published: Mar 18, 2024
Updated: May 4, 2025
CVE: CVE-2024-27098
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.6
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
glpi-project / glpi	9.5.0	10.0.13

https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484
https://github.com/glpi-project/glpi/releases/tag/10.0.13
https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo