Critical severity9.8NVD Advisory· Published Jul 17, 2017· Updated Jun 17, 2026
CVE-2017-11329
CVE-2017-11329
Description
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*range: <=9.1.4
- (no CPE)range: <9.1.5
Patches
Vulnerability mechanics
References
2- github.com/glpi-project/glpi/issues/2456nvdThird Party Advisory
- github.com/glpi-project/glpi/releases/tag/9.1.5nvdThird Party Advisory
News mentions
0No linked articles in our index yet.