GLPI before 18.104.22.168 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
GLPI before 22.214.171.124 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
Created glpi tracking bugs for this issue:
Affects: epel-7 [bug 1473226]
Affects: fedora-all [bug 1473225]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.