Yigit-Kiratli

**Name of the Vulnerable Software and Affected Versions** pluginsGLPI Database Inventory Plugin versions prior to 1.1.2 **Description** The Database Inventory Plugin for pluginsGLPI manages Teclib' inventory agents to inventory databases on workstations. Prior to version 1.1.2, user-controlled data is stored insecurely in the database via `computergroup` and is later unserialized on every page load, potentially allowing arbitrary PHP object instantiation. This requires database write access, which must be obtained through another issue or misconfiguration. **Recommendations** Update to pluginsGLPI Database Inventory Plugin version 1.1.2 or later.