VYPR
Unrated severityNVD Advisory· Published Jun 28, 2022· Updated Apr 23, 2025

SQL injection with _actor parameter in GLPI

CVE-2022-31056

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Glpi Project/Glpillm-fuzzy2 versions
    <10.0.2+ 1 more
    • (no CPE)range: <10.0.2
    • (no CPE)range: >= 10.0.0, < 10.0.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.