PT-2026-25960 · WordPress+1 · Glpi Inventory Plugin+1
Sofianeelhor
·
Published
2026-03-17
·
Updated
2026-05-24
·
CVE-2026-26001
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GLPI Inventory Plugin versions prior to 1.6.6
Description
The GLPI Inventory Plugin manages network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to version 1.6.6, unsanitized user input could lead to an SQL injection when generating reports, requiring appropriate permissions. The
reports functionality is susceptible to this issue due to improper handling of user-supplied data.Recommendations
Upgrade to GLPI Inventory Plugin version 1.6.6 or later.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Glpi Inventory Plugin
Red Os