CVE-2016-7508

Name of the Vulnerable Software and Affected Versions GLPI version 0.90.4

Description The issue allows an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. This is due to multiple SQL injection vulnerabilities.

Recommendations For GLPI version 0.90.4, consider updating to a newer version that addresses the SQL injection vulnerabilities, or as a temporary workaround, restrict access to the database when it is configured to use Big5 Asian encoding to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.