Impact
An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database.
This security issue can be exploited only if GLPI server is using PHP 7.4.
Patches
Upgrade to 10.0.13.
Workarounds
Upgrade to PHP >= 8.0.
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.
Impact
An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database.
This security issue can be exploited only if GLPI server is using PHP 7.4.
Patches
Upgrade to 10.0.13.
Workarounds
Upgrade to PHP >= 8.0.
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.