The vulnerability of the GLPI system’s request and incident handling process, related to the possibility of forging requests on the server side, allows attackers to perform SSRF attacks.

The vulnerability of the GLPI system’s request and incident handling functionality lies in insufficient verification of data entered by users in the automatic RSS detection function. Users can send specially crafted HTTP requests to trick the application into initiating requests to arbitrary...