FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

glpi -- Multiple SQL Injections Stemming From isNameQuoted()

Affected packages
0.68 < glpi < 9.5.2


VuXML ID b7abdb0f-3b15-11eb-af2a-080027dbe4b7
Discovery 2020-06-25
Entry 2020-06-25

MITRE Corporation reports:

In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query, the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2.
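
The failure mode described above, shown next to a hardened form, as an added example that is not GLPI's code or its 9.5.2 patch. The helper names, the `items` table, the column allowlist and the sample inputs are assumptions constructed for illustration; the escaping rule is MySQL's (a backtick inside a quoted identifier is written as two backticks).

```php
<?php
declare(strict_types=1);

// Flawed pattern (hypothetical helper, not GLPI code): the name is wrapped in
// backticks, but a backtick inside the name is left as-is.
function quoteNameNaive(string $name): string
{
    return '`' . $name . '`';
}

// MySQL escapes a backtick inside a quoted identifier by doubling it.
function quoteName(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('Invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Request-supplied column names are also checked against a fixed allowlist.
function sortColumn(string $requested, array $allowed): string
{
    if (!in_array($requested, $allowed, true)) {
        throw new InvalidArgumentException('Unknown sort column');
    }
    return quoteName($requested);
}

$allowed = ['id', 'name'];                 // hypothetical columns
$inputs  = ['name', 'name` -- trailing'];  // constructed sample inputs

foreach ($inputs as $input) {
    echo 'input:   ', $input, PHP_EOL;
    echo 'naive:   SELECT id FROM items ORDER BY ', quoteNameNaive($input), PHP_EOL;
    echo 'escaped: SELECT id FROM items ORDER BY ', quoteName($input), PHP_EOL;
    try {
        echo 'checked: SELECT id FROM items ORDER BY ', sortColumn($input, $allowed), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'checked: rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

For the second input, the naive form closes the identifier at the embedded backtick so the remainder is parsed as SQL, the escaped form keeps the whole string as one identifier, and the allowlist rejects it before any query is built.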


CVE Name CVE-2020-15176