GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjm https://github.com/glpi-project/glpi/releases/tag/10.0.8
Created glpi tracking bugs for this issue: Affects: epel-7 [bug 2220914]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.