PT-2022-20516 · Glpi · Glpi Inventory Plugin

Alexmothe93 · Published 2022-06-27 · Updated 2022-07-07 · CVE-2022-31082

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

glpi-inventory-plugin versions prior to 1.0.2

Description

The issue concerns a SQL injection vulnerability in the glpi-inventory-plugin for GLPI, a free asset and IT management software package. This vulnerability can be exploited using package deployment tasks. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of the front/deploypackage.public.php file and the deploy tasks feature.

Recommendations

For versions prior to 1.0.2, upgrade to version 1.0.2 to resolve the issue. As a temporary workaround for users unable to upgrade, delete the front/deploypackage.public.php file if the deploy tasks feature is not being used.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-31082
GHSA-Q6M7-H6RJ-5WMW

Affected Products

Glpi Inventory Plugin