In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. There are no known workarounds for this issue. Reference: https://github.com/glpi-project/glpi/security/advisories/GHSA-w2gc-v2gm-q7wq https://github.com/glpi-project/glpi/commit/21ae07d00d0b3230f6235386e98388cfc5bb0514
Created glpi tracking bugs for this issue: Affects: epel-7 [bug 2103143]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.