CVE-2023-36808 Information

Description

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8 Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround one may disable native inventory.

Reference

https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjm https://github.com/glpi-project/glpi/releases/tag/10.0.8