GCVE - cpe:2.3:a:pluginsglpi:databaseinventory:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:pluginsglpi:databaseinventory:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Pluginsglpi (`06299ce7-7c01-5e27-80d2-610e38d2f6b3`)
Product	Databaseinventory (`a5849e02-f8e3-5dd3-a476-a67f6d19e8cd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-65035`	vulnerable	2026-06-08 07:39:20.653804	GLPI Database Inventory Plugin Vulnerable to Stored Object Injection MEDIUM (6.4) pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration), user-controlled data is stored insecurely in the database via computergroup, and is later unserialized on every page load, allowing arbitrary PHP object instantiation. Version 1.1.2 fixes the issue. Published: 2025-12-19T16:35:56.944Z Updated: 2025-12-19T18:00:25.116Z Open on db.gcve.eu Reference links https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-xc3r-32rx-3j4j https://github.com/pluginsGLPI/databaseinventory/commit/08c7055d2c5fc744cb092d7d56a608e359c56f1a https://github.com/pluginsGLPI/databaseinventory/blob/1.1.2/CHANGELOG.md#112---2025-11-25	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53360`	vulnerable	2026-06-08 07:31:14.443985	pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests MEDIUM (4.3) pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3. Published: 2025-11-18T16:12:15.116Z Updated: 2025-11-18T18:22:25.605Z Open on db.gcve.eu Reference links https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58 https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87 https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.