Bull53Y3Fl1Nch

#26800 of 53,635
9.4 Total CVSS
Vulnerabilities · 1
PT-2022-1462
9.4
2022-01-27
Glpi · Glpi · CVE-2022-21720
**Name of the Vulnerable Software and Affected Versions**

GLPI versions prior to 9.5.7

**Description**

The issue is related to a lack of protection against SQL query structure exploitation, allowing a remote attacker to execute arbitrary SQL queries. An entity administrator can retrieve normally inaccessible data via SQL injection.

**Recommendations**

For versions prior to 9.5.7, update to version 9.5.7 to resolve the issue. As a temporary workaround, consider disabling the `Entities` update right to prevent exploitation of this vulnerability.