Eric Carter

**Name of the Vulnerable Software and Affected Versions** GLPI version 0.90.4 **Description** The issue allows an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. This is due to multiple SQL injection vulnerabilities. **Recommendations** For GLPI version 0.90.4, consider updating to a newer version that addresses the SQL injection vulnerabilities, or as a temporary workaround, restrict access to the database when it is configured to use Big5 Asian encoding to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.