Bkatapi

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.17 **Description** The issue is related to a lack of protection against SQL injection attacks. An authenticated user can perform a SQL injection by changing their preferences. This could allow a remote attacker to execute SQL injections. **Recommendations** For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to preference changes for authenticated users until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.0.* through 8.0.29 PHP versions 8.1.* through 8.1.21 PHP versions 8.2.* through 8.2.7 **Description** The issue is related to the way PHP's XML functions rely on libxml global state to track configuration variables. This state can be changed by other modules, such as ImageMagick, within the same process, potentially leading to the disclosure of local files accessible to PHP. The vulnerable state may persist across many requests until the process is shut down. **Recommendations** For PHP versions 8.0.* through 8.0.29, update to version 8.0.30 or later. For PHP versions 8.1.* through 8.1.21, update to version 8.1.22 or later. For PHP versions 8.2.* through 8.2.7, update to version 8.2.8 or later.