Impact
GLPI inventory endpoint can be used to drive a SQL injection attack.
Patches
Upgrade to 10.0.11
Workarounds
Disable native inventory.
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.
Credits
This vulnerability was discovered by Nikita Petrov (Positive Technologies).
Impact
GLPI inventory endpoint can be used to drive a SQL injection attack.
Patches
Upgrade to 10.0.11
Workarounds
Disable native inventory.
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.
Credits
This vulnerability was discovered by Nikita Petrov (Positive Technologies).