The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper cancellation of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.
The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...