[PDF] During a security assessement on a GLPI server, Synacktiv ninjas found multiple SQL injections allowing them to extract the admin password hash.

https://www.synacktiv.com/sites/default/files/2021-03/GLPI_FusionInventory_9.5.0_SQL_Injection.pdf