Key information about the vulnerability obtained from this web page screenshot:

- Vulnerability Type: SQL Injection
- Before: Direct SQL injection vulnerability, because `$_SESSION['glpilanguage']` is joined into the query string with the concatenation operator.
- After: Vulnerability mitigated by using a prepared statement.
- File Changed: Update affected lines +4 / -2.
- Commit Message:
- Code Changes:

```php
// Before: the session value is concatenated directly into the SQL text.
$query = "SET lc_time_names = '" . $_SESSION['glpilanguage'] . "'";
$DB->doQuery($query);
```

```php
// After: the session value is bound as a string parameter instead.
$query = "SET lc_time_names = ?";
$stmt = $DB->prepare($query);
$stmt->bind_param("s", $_SESSION['glpilanguage']);
$stmt->execute();
```

- Author: Rom1-B
- Date: 2 weeks ago
- Status: Verified