cvedb.io
CVE-2022-31082
MEDIUM · CVSS 5.8
EPSS exploitation probability: 0%
Published 2022-06-27T21:15:08.097 · Last modified 2026-06-17T04:44:45.493

Summary

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature.

Affected products

glpi-project — glpi_inventory

Does this affect you?

Add your gear to cvedb and we'll alert you only when glpi-project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.