GLPI SQL Injection Vulnerability in Inventory Endpoint

Vulnerability

A SQL injection vulnerability has been identified in the inventory endpoint of GLPI versions 10.0.0 and later. It can be exploited by unauthenticated users. The issue has been assigned a high severity rating due to its potential impact on data confidentiality.

Impact

Successful exploitation could let an attacker manipulate database queries and potentially access or modify sensitive data.

Remediation

Users are advised to upgrade to GLPI version 10.0.18, where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM