Glpi · Glpi · CVE-2022-35914
**Name of the Vulnerable Software and Affected Versions**
GLPI versions prior to 10.0.3
**Description**
The htmLawed module in GLPI has a flaw in input validation and in its control of code generation. This allows a remote attacker to inject PHP code through the endpoint "/vendor/htmlawed/htmlawed/htmLawedTest.php".
**Recommendations**
Update to a version later than 10.0.2.
As a temporary workaround, restrict access to the file "/vendor/htmlawed/htmlawed/htmLawedTest.php" to minimize the risk of exploitation.
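
To check whether the workaround is holding, the following added example (not part of the original advisory or of the GLPI project) scans web server access logs for requests to the endpoint named above and reports whether each one was served or refused. It assumes the Apache/nginx combined log format; the function names `normalize` and `find_hits` are hypothetical, and the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint from the advisory, lower-cased. GLPI may be installed under a
# prefix such as /glpi, so the check is a substring match on the path.
TARGET = "/vendor/htmlawed/htmlawed/htmlawedtest.php"

# Combined log format: ip ident user [time] "METHOD uri PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')

def normalize(uri):
    """Decode and canonicalize a request URI so path variants compare equal."""
    path = uri.split("?", 1)[0].split("#", 1)[0]    # drop query and fragment
    for _ in range(2):                              # undo double percent-encoding
        path = unquote(path)
    path = posixpath.normpath(path.replace("\\", "/"))  # resolve //, ./ and ../
    return path.lower()

def find_hits(lines):
    """Return (ip, method, status, verdict) for each request to the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or TARGET not in normalize(m["uri"]):
            continue
        status = int(m["status"])
        if 200 <= status < 300:
            verdict = "reachable"   # file was served: restriction not in place
        elif status in (401, 403, 404):
            verdict = "blocked"     # restriction (or removal) is effective
        else:
            verdict = "review"
        hits.append((m["ip"], m["method"], status, verdict))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/Jan/2023:10:00:05 +0000] "POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [01/Jan/2023:10:00:09 +0000] "GET /glpi//vendor/htmlawed/./htmlawed/htmLawedTest%2Ephp?x=1 HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.4 - - [01/Jan/2023:10:01:00 +0000] "GET /vendor/htmlawed/htmlawed/htmLawed.php HTTP/1.1" 404 153 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```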