Security Advisory

CVE-2022-21720

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-28 10:15:14

Last updated 2025-05-05 16:33:40

Assigner GitHub_M

State PUBLISHED

Description

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability.

← Browse all CVEs View on cve.org ↗