SQL Injection Vulnerability in GLPI's Assistance Forms

SQL Injection Vulnerability in GLPI's Assistance Forms

CVE-2022-31056 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.