CVE-2017-11474

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 9.1.5.1

Description The issue concerns SQL Injection in the crit variable within the inc/computer softwareversion.class.php file, which can be exploited through the ajax/common.tabs.php endpoint.

Recommendations For versions prior to 9.1.5.1, update to version 9.1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ajax/common.tabs.php endpoint until a patch is applied. Avoid using the crit variable in the affected API endpoint until the issue is resolved.