Severity: Critical
CVSS Score: 9.8
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.