Impact
A SQL injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server.
Workarounds
Remove the Assistance > Statistics and Tools > Reports read rights from every user.
Patches
Upgrade to 10.0.7
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.