The vulnerability of the GLPI system’s request, incident, and computer equipment inventory processes, related to the improper elimination of special elements used in SQL commands, allows a malicious actor to execute arbitrary SQL queries against the database in the target system.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the improper elimination of certain elements used in SQL commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the targ...

PT-2020-4301 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue is related to a SQL Injection in the API's search function, allowing an attacker to break SQL syntax and utilize a UNION SELECT query to reflect sensitive information, such as the current...

Teclib GLPI Encryption Problem Vulnerability

Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. An encryption issue vulnerability exists in Teclib GLPI versions after 0.83....