Tpierru

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.17 **Description** The issue is related to a SQL injection vulnerability in the ticket form of GLPI, a free asset and IT management software package. An authenticated user can exploit this vulnerability, potentially allowing a remote attacker to perform SQL injections. The vulnerability is due to a lack of protection measures for the SQL query structure. **Recommendations** For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the ticket form until the upgrade is applied.