Rootjog

**Name of the Vulnerable Software and Affected Versions** glpi-screenshot-plugin versions prior to 2.0.2 **Description** The glpi-screenshot-plugin allows users to take screenshots or screen recordings directly from GLPI. Authenticated users can use the `/ajax/screenshot.php` endpoint to leak files from the system or use PHP wrappers in versions prior to 2.0.2. **Recommendations** Update to glpi-screenshot-plugin version 2.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.18 **Description** The issue allows an administrator user to perform a SQL injection through the rules configuration forms. **Recommendations** For versions prior to 10.0.18, update to version 10.0.18 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions 0.71 through 10.0.17 **Description** The issue allows an anonymous user to fetch sensitive information from the "status.php" endpoint. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions 0.71 through 10.0.17, update to version 10.0.18 to resolve the issue. As a temporary workaround, consider deleting the "status.php" file or restricting its access until a patch is available. Alternatively, remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers, and mail receivers.

Name of the Vulnerable Software and Affected Versions: Tasklists versions prior to 2.0.4 Description: The issue is related to a blind SQL injection vulnerability. Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 are affected. Recommendations: For versions prior to 2.0.4, update to version 2.0.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until the patch is applied.