We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Attacker can simulate a login to any user having a defined API token, using an SQL injection in authentication process.
Upgrade GLPI to 10.0.3.
Disable Enable login with external token API configuration.
Enable login with external token
.
M00nBack Analyst
Impact
Attacker can simulate a login to any user having a defined API token, using an SQL injection in authentication process.
Patches
Upgrade GLPI to 10.0.3.
Workarounds
Disable
Enable login with external tokenAPI configuration.References
.