Skip to content

SQL injection using custom CSS administration form

Moderate
trasher published GHSA-5hg4-r64r-rf83 Jan 27, 2022

Package

glpi (glpi)

Affected versions

< 9.5.7

Patched versions

9.5.7

Description

Impact

Entity administrator is capable of retrieve normally inaccessible data (GLPI data, system data, mysql data).

Patches

TODO

Workarounds

Disabling Entities update right prevents exploit of this vulnerability.

Severity

Moderate

CVE ID

CVE-2022-21720

Weaknesses

Credits