GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges and ink cartridges, etc. A SQL injection vulnerability exists in versions of GLPI prior to 10.0.2, which stems from a lack of validation of external input in the actor field of all help forms (tickets/changes/issues) SQL statement validation. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.