1 matches found
GLPI 9.1 < 10.0.3 SQL Injection
GLPI in version 9.1 10.0.3 has an unauthenticated SQL Injection via the 'usertoken' parameter on the REST API. An attacker can use this injection to simulate an arbitrary user login. No source data...