The vulnerability in the GLPI system’s handling of requests and incidents, related to improper neutralization of special elements used in SQL commands, allows an attacker to carry out an attack based on time, using SQL injections in the REST API user_token.
The vulnerability of the GLPI system for handling requests and incidents is related to the improper neutralization of certain special elements. Exploiting this vulnerability allows a malicious actor to scan server ports or services, and to carry out attacks based on timing, using SQL injections i...