Glpi · Glpi · CVE-2021-21327
**Name of the Vulnerable Software and Affected Versions**
GLPI versions prior to 9.5.4
**Description**
The issue allows an unauthenticated user to remotely instantiate an object of any class available in the GLPI environment, potentially leading to malicious attacks or serving as the start of a "POP chain" (property-oriented programming). This affects the runtime integrity of the GLPI core platform and of third-party plugins, particularly classes that perform sensitive operations in their constructors or destructors.
**Recommendations**
For versions prior to 9.5.4, update to version 9.5.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive classes and their constructors or destructors to minimize the risk of exploitation.
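
The pattern described above next to a hardened counterpart, as an added PHP example that is not GLPI's code. `InventoryItem`, `Computer`, `TempFileCleaner`, `createUnsafe` and `createSafe` are hypothetical names, and `TempFileCleaner` is a constructed stand-in for a plugin class with a sensitive operation in its destructor.

```php
<?php
declare(strict_types=1);

// Hypothetical base type for objects the application agrees to build from a request.
abstract class InventoryItem {}
final class Computer extends InventoryItem {}

// Constructed stand-in for a plugin class whose destructor has a side effect.
final class TempFileCleaner
{
    public static int $runs = 0;
    public function __destruct() { self::$runs++; } // real code might delete files here
}

// Vulnerable shape: any loadable class name taken from the request is instantiated.
function createUnsafe(string $type): object
{
    return new $type();
}

// Hardened shape: the type is validated before any constructor or destructor can run.
function createSafe(string $type): ?InventoryItem
{
    // is_a() with allow_string=true checks the class name without creating an object.
    if (!class_exists($type) || !is_a($type, InventoryItem::class, true)) {
        return null;
    }
    // Reject abstract classes and classes without a public constructor.
    if (!(new ReflectionClass($type))->isInstantiable()) {
        return null;
    }
    return new $type();
}

// The unsafe factory builds the unrelated class; the discarded object is destroyed
// immediately, so the destructor's side effect runs.
createUnsafe('TempFileCleaner');
var_dump(TempFileCleaner::$runs);

// The safe factory refuses the same name without constructing anything,
// refuses the abstract base, and still serves the expected type.
var_dump(createSafe('TempFileCleaner'));
var_dump(TempFileCleaner::$runs);
var_dump(createSafe('InventoryItem'));
var_dump(createSafe('Computer') instanceof Computer);
```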