The constructSQL function in inc/search.class.php in GLPI 9.2.x up to and including 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
glpi-project glpi |