Feals-404

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue is related to a time-based attack using a SQL injection in the API REST `user token`. This can allow a remote attacker to exploit the vulnerability, potentially leading to server port scanning or other attacks. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 10.0.4, upgrade to version 10.0.4 to resolve the issue. As a temporary workaround, consider disabling login with `user token` on API Rest to minimize the risk of exploitation.