Unrated severity · NVD Advisory · Published Jan 28, 2022 · Updated May 5, 2025
SQL injection using custom CSS administration form in GLPI
CVE-2022-21720
Description
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation of this vulnerability.
Affected products
- GLPI/GLPI
- Range: <9.5.7
References
- github.com/glpi-project/glpi/commit/5c3eee696b503fdf502f506b00d15cf5b324b326 (mitre, x_refsource_MISC)
- github.com/glpi-project/glpi/releases/tag/9.5.7 (mitre, x_refsource_MISC)
- github.com/glpi-project/glpi/security/advisories/GHSA-5hg4-r64r-rf83 (mitre, x_refsource_CONFIRM)