| Number of vulnerabilities | 1 |
| Public exploit | Public exploit code for vulnerability #1 is available. |
Web applications / CRM systems
This security bulletin contains one low-risk vulnerability.
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: Yes

Description
The vulnerability allows a remote authenticated attacker to execute arbitrary SQL commands.
The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted character when the database is configured to use Big5 Asian encoding and execute arbitrary SQL commands on the system.
Install the update from the vendor's website.
GLPI: 0.90.4 - 0.90.4
Q & A
Can this vulnerability be exploited remotely?
Is there known malware that exploits this vulnerability?