Critical severity9.8NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026
CVE-2017-11329
CVE-2017-11329
Description
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/glpi-project/glpi/issues/2456nvdThird Party Advisory
- github.com/glpi-project/glpi/releases/tag/9.1.5nvdThird Party Advisory
News mentions
0No linked articles in our index yet.