CVE-2022-21720

CVE-2022-21720

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability.

Source: CVE-2022-21720

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다