Unrated severityNVD Advisory· Published Nov 3, 2022· Updated Apr 23, 2025
SQL Injection on REST API in GLPI
CVE-2022-39323
Description
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<10.0.4+ 1 more
- (no CPE)range: <10.0.4
- (no CPE)range: < 10.0.4
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.