History: Aug 12, 2024 - 12:00 a.m.

ROS-20240812-13

2024-08-12 00:00:00
redos.red-soft.ru
3
glpi
software
vulnerabilities
remote attack
ssrf
authorization
unauthorized access
sensitive information
sql code
ldap injections
xss
unix

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.5
Confidence: Low

A vulnerability in the GLPI asset and data center management software is related to server-side request forgery (SSRF). Exploitation of the vulnerability could allow a remote attacker to perform an SSRF-based attack using arbitrary object creation.

A vulnerability in the GLPI computer equipment request, incident and inventory system is related to flaws in the authorization procedure. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information.

A vulnerability in the GLPI asset and data center management software is related to improper authorization. Exploitation of the vulnerability could allow a remote attacker to obtain sensitive information.

A vulnerability in the GLPI computer equipment request, incident and inventory system is related to a failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL code in a search engine to retrieve data.

A vulnerability in the GLPI asset and data center management software is related to the neutralization of special elements used in an LDAP query. Exploitation of the vulnerability could allow a remote attacker to exploit LDAP injections.

A vulnerability in the GLPI asset and data center management software is related to an unauthenticated user providing a malicious link to a GLPI administrator. Exploitation of the vulnerability could allow a remote attacker to perform an XSS attack.

A vulnerability in the GLPI asset and data center management software is related to improper neutralization of input data during web page generation. Exploitation of the vulnerability could allow a remote attacker to use a malicious URL to perform XSS on report pages.

OS      Version   Architecture   Package   Version       Filename
redos   7.3       x86_64         glpi      < 10.0.13-1   UNKNOWN
