CVE-2014-9258

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.

Date published : 2014-12-19

http://advisories.mageia.org/MGASA-2015-0017.html

http://www.glpi-project.org/spip.php?page=annonce&id_breve=334&lang=en