SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  GLPI user_token SQL Injection

Category: WEB-ATTACKS      

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443


Relevant Information