The vulnerability of the Clone function in the GLPI system, which handles requests, incidents, and inventory management of computer equipment, allows a hacker to execute arbitrary SQL commands.

The vulnerability of the Clone function in the GLPI system for requests, incidents, and inventory management is related to the improper elimination of special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

UBUNTU-CVE-2020-15108

In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1...