[webapps] GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
2023-4-3 08:0:0 Author: www.exploit-db.com

# Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
# Date: 11 Jun 2022
# Version: >=10.0.0 and < 10.0.2
# Author: Nuri Çilengir
# Vendor Homepage: https://glpi-project.org/
# Software Link: https://github.com/glpi-project/glpi
# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/
# Tested on: Ubuntu 22.04
# CVE: CVE-2022-31068

-- 
*Nuri Çilengir*
/Cyber Security Consultant/

*PRODAFT SARL*

Article source: https://www.exploit-db.com/exploits/51231