Acesec

**Name of the Vulnerable Software and Affected Versions** GLPI versions 9.2.x through 9.3.0 **Description** The issue concerns SQL Injection in the constructSQL function, located in inc/search.class.php. This can be exploited by triggering a crafted LIMIT clause, for example, to front/computer.php. **Recommendations** For GLPI versions 9.2.x through 9.3.0, consider restricting access to the constructSQL function in inc/search.class.php until a patch is available. As a temporary workaround, avoid using the LIMIT clause in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 9.1.5 **Description** The issue allows remote authenticated administrators to delete arbitrary files by crafting the `file` parameter in the `front/backup.php` script. **Recommendations** For versions prior to 9.1.5, update to version 9.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 9.1.5 **Description** A SQL injection issue exists in the front/devicesoundcard.php file via the `start` parameter. **Recommendations** For versions prior to 9.1.5, update to version 9.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 9.1.5.1 **Description** The issue concerns SQL Injection in the `crit` variable within the inc/computer softwareversion.class.php file, which can be exploited through the ajax/common.tabs.php endpoint. **Recommendations** For versions prior to 9.1.5.1, update to version 9.1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ajax/common.tabs.php endpoint until a patch is applied. Avoid using the `crit` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 9.1.5.1 **Description** The issue concerns SQL Injection in the condition rule field of GLPI, which can be exploited via the "front/rulesengine.test.php" API endpoint. **Recommendations** For versions prior to 9.1.5.1, update to version 9.1.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 9.1.5 **Description** The issue allows SQL injection via an "ajax/getDropdownValue.php" request with an `entity restrict` parameter that is not a list of integers. **Recommendations** For versions prior to 9.1.5, update to version 9.1.5 or later to resolve the issue.