diff --git a/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/apache.pp b/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/apache.pp
index d0bcb6d7c..07cafe3f6 100644
--- a/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/apache.pp
+++ b/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/apache.pp
@@ -2,8 +2,9 @@
 # Apache configuration
 #
 class glpi_php_injection::apache {
-  $port = '80'
-  $docroot = '/var/www/html/glpi'
+  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+  $port = $secgen_parameters['port'][0]
+  $docroot = '/var/www/html/'
 
   Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
 
diff --git a/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/configure.pp b/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/configure.pp
index 1523901e7..c5903f19f 100644
--- a/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/configure.pp
+++ b/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/configure.pp
@@ -2,12 +2,9 @@
 # Configuration for glpi/ Secgen
 #
 class glpi_php_injection::configure {
-  $leaked_filenames = ['flagtest']
-  $strings_to_leak = ['this is a list of strings that are secrets / flags','another secret'] ##$secgen_parameters['strings_to_leak']
-  $known_username = 'admin' ##$secgen_parameters['known_username'][0]
-  $known_password = 'password' ##$secgen_parameters['known_password'][0]
-  $strings_to_pre_leak =  ['The username is admin', 'The password is password'] ##$secgen_parameters['strings_to_pre_leak']
-  $web_pre_leak_filename = 'TODO' ##$secgen_parameters['web_pre_leak_filename'][0]
+  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+  $leaked_filenames = $secgen_parameters['leaked_filenames']
+  $strings_to_leak = $secgen_parameters['strings_to_leak']
 
   ::secgen_functions::leak_files { 'glpi-flag-leak':
     storage_directory => '/var/www/html/glpi/',
diff --git a/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/maria.pp b/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/maria.pp
index f089dc1cb..734451f34 100644
--- a/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/maria.pp
+++ b/modules/vulnerabilities/unix/http/glpi_php_injection/manifests/maria.pp
@@ -2,6 +2,8 @@
 # maria db install and configuration
 #
 class glpi_php_injection::maria {
+  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+  $port = $secgen_parameters['port'][0]
   Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ] }
 
   $db_name = 'glpidb'
@@ -36,7 +38,7 @@ class glpi_php_injection::maria {
   # See: https://glpi-install.readthedocs.io/en/latest/command-line.html#cdline-install
   -> exec { 'glpi-cli-install':
     cwd       => '/var/www/html/glpi/bin/',
-    command   => "php console db:install -f -H localhost -P 80 -d ${db_name} -u ${db_user} -p ${db_pass}",
+    command   => "php console db:install -f -H localhost -P ${port} -d ${db_name} -u ${db_user} -p ${db_pass}",
     logoutput => true,
   }
 }
diff --git a/modules/vulnerabilities/unix/http/glpi_php_injection/secgen_metadata.xml b/modules/vulnerabilities/unix/http/glpi_php_injection/secgen_metadata.xml
index f22b595b2..cc2152704 100644
--- a/modules/vulnerabilities/unix/http/glpi_php_injection/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/http/glpi_php_injection/secgen_metadata.xml
@@ -28,7 +28,7 @@
   <read_fact>web_pre_leak_filename</read_fact>
 
   <default_input into="port">
-    <value>80</value>
+    <generator module_path=".*/random_unregistered_port" />
   </default_input>
 
   <!-- flags or other secrets exposed after exploitation -->
@@ -40,57 +40,24 @@
     <generator type="filename_generator" />
   </default_input>
 
-  <!-- these details need to be known or bruteforced to successful exploit the service -->
-  <!-- By default the username is admin, but it can be something else, so long as they can easily
-  guess it (for example leak it to them) -->
-  <default_input into="known_username">
-    <!-- <generator type="random_sanitised_word">
-			<input into="wordlist">
-    <value>admin_name</value>
-			</input>
-		</generator> -->
-    <value>admin</value>
-  </default_input>
-
-  <default_input into="known_password">
-    <generator type="weak_password_generator" />
-  </default_input>
-
-  <!-- pre-leaked, these details are leaked before the main vuln is exploited, for example hidden
-  content or hosted files -->
-  <default_input into="strings_to_pre_leak">
-    <generator type="message_generator" />
-  </default_input>
-
-  <!-- ideally something found by dirbuster -->
-  <default_input into="web_pre_leak_filename">
-    <generator type="random_sanitised_word">
-      <input into="wordlist">
-        <value></value>
-      </input>
-    </generator>
-  </default_input>
-
-  <!--optional vulnerability details-->
+  <!--optional
+  vulnerability details-->
   <cve>CVE-2022-35914</cve>
   <cvss_base_score>9.8</cvss_base_score>
-  <cvss_vector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</cvss_vector>
-  <software_name>GLPI Management Suite</software_name>
-  <software_license>GNU GPLv3</software_license>
+  <cvss_vector>AV:N/AC:L/Au:N/C:C/I:C/A:C</cvss_vector>
   <reference>
     https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/glpi_htmlawed_php_injection.rb</reference>
   <reference>
     https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/glpi_htmlawed_php_injection.md</reference>
-
-  <!--optional hints-->
-  <hint></hint>
+  <software_name>GLPI Management Suite</software_name>
+  <software_license>GNU GPLv3</software_license>
 
   <requires>
-    <module_path>services/unix/http/apache_stretch_compatible/apache</module_path>
+    <module_path>.*apache.*compatible.*</module_path>
   </requires>
 
   <requires>
-    <module_path>services/unix/database/mysql_stretch_compatible/mysql</module_path>
+    <module_path>.*mysql.*compatible.*</module_path>
   </requires>
 
 </vulnerability>
\ No newline at end of file