Alexmothe93

**Name of the Vulnerable Software and Affected Versions** glpi-inventory-plugin versions prior to 1.0.2 **Description** The issue concerns a SQL injection vulnerability in the glpi-inventory-plugin for GLPI, a free asset and IT management software package. This vulnerability can be exploited using package deployment tasks. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of the `front/deploypackage.public.php` file and the `deploy tasks` feature. **Recommendations** For versions prior to 1.0.2, upgrade to version 1.0.2 to resolve the issue. As a temporary workaround for users unable to upgrade, delete the `front/deploypackage.public.php` file if the `deploy tasks` feature is not being used.