When a backtick is supplied in input that gets put into a SQL query, the application does not escape or sanitize it, allowing SQL injection to occur.
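The failure mode described above, as an added example that is not code from this advisory or from the affected application: it contrasts raw concatenation with backtick doubling and an allowlist. It assumes the input lands inside a backtick-quoted identifier (the advisory does not say where it lands); the table, column names, helper names and sample input are constructed, and SQLite stands in for the database because it accepts backtick-quoted identifiers.

```python
import sqlite3

# Constructed input: a backtick closes the identifier early.
CONSTRUCTED_INPUT = "name`, `reset_token"
ALLOWED_COLUMNS = {"name"}  # hypothetical allowlist of selectable columns

def make_db():
    """In-memory table with constructed rows (not from the advisory)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, reset_token TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'tok-constructed')")
    return db

def quote_identifier(name):
    """Backtick-quote an identifier, doubling any embedded backtick."""
    if not name or "\x00" in name:
        raise ValueError("invalid identifier")
    return "`" + name.replace("`", "``") + "`"

def select_unsafe(db, column):
    # Weak form: input sits between backticks unchanged. Escaping ' or "
    # does nothing here because the delimiter is the backtick itself.
    return db.execute("SELECT `" + column + "` FROM users").fetchall()

def select_escaped(db, column):
    # Doubling backticks keeps the input a single identifier, so an
    # unexpected value fails as an unknown column instead of adding SQL.
    return db.execute("SELECT " + quote_identifier(column) + " FROM users").fetchall()

def select_allowlisted(db, column):
    # Preferred: identifiers cannot be bound as query parameters, so accept
    # only known column names and still quote them.
    if column not in ALLOWED_COLUMNS:
        raise ValueError("column not allowed: %r" % column)
    return select_escaped(db, column)

if __name__ == "__main__":
    db = make_db()
    print("unsafe     :", select_unsafe(db, CONSTRUCTED_INPUT))
    for fn in (select_escaped, select_allowlisted):
        try:
            print(fn.__name__, ":", fn(db, CONSTRUCTED_INPUT))
        except (sqlite3.OperationalError, ValueError) as exc:
            print(fn.__name__, "rejected:", exc)
```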
Impact
Leveraging this vulnerability, an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more.
Patches
TODO
For more information
If you have any questions or comments about this advisory:
Email us at glpi-security@ow2.org