{"id":"CVE-2025-66417","summary":"GLPI has an unauthenticated SQL injection through the inventory endpoint","details":"GLPI is a free asset and IT management software package. In versions from 11.0.0 up to, but not including, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.","aliases":["GHSA-p467-682w-9cc9"],"modified":"2026-04-10T05:34:21.463419Z","published":"2026-01-15T16:25:03.467Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66417.json","cwe_ids":["CWE-89"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66417.json"},{"type":"ADVISORY","url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-p467-682w-9cc9"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66417"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/glpi-project/glpi","events":[{"introduced":"b5cb4adb3c350521d85209d49e29e8619cdf8316"},{"fixed":"f4258ac0a069c25cb10b2603cb460543b5efcd54"}]}],"versions":["11.0.0","11.0.1","11.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66417.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}