GLPI SQL Injection Vulnerability (CNVD-2022-58234)

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges and ink cartridges, etc. A SQL injection vulnerability exists in versions prior to GLPI 1.0.2, which stems from a lack of validation of external input SQL in package deployment tasks statements in package deployment tasks. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.