From 19f522f9e5ae182f7f898e97868b98d52b9a07c6 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 13 Nov 2021 14:29:44 +0000 Subject: [PATCH] Auto Generated CVE annotations [Sat Nov 13 14:29:44 UTC 2021] :robot: --- cves/2019/CVE-2019-10232.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-10232.yaml b/cves/2019/CVE-2019-10232.yaml index 91804d9ee4..f9b9155fc7 100644 --- a/cves/2019/CVE-2019-10232.yaml +++ b/cves/2019/CVE-2019-10232.yaml @@ -3,12 +3,17 @@ id: CVE-2019-10232 info: name: Pre-authenticated SQL injection in GLPI <= 9.3.3 author: RedTeamBrasil - severity: high + severity: critical description: Synacktiv discovered that GLPI exposes a script (/scripts/unlock_tasks.php) that not correctly sanitize usercontrolled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. This script is reachable without authentication. reference: - https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf - https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c tags: cve,cve2019,glpi,sqli + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-10232 + cwe-id: CWE-89 requests: - method: GET
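Review bot: In the added `classification` block, `cvss-score: 9.80` carries a trailing zero; CVSS base scores are expressed to one decimal place, so `cvss-score: 9.8` would be the conventional form. The change from `severity: high` to `severity: critical` is consistent with that score and with the vector `AV:N/AC:L/PR:N/UI:N`, which matches the description's statement that the script is reachable without authentication. The unchanged `description` context line still reads "that not correctly sanitize usercontrolled data" and "alter the semantic original SQL query"; since this file is being regenerated anyway, a follow-up should correct it to "does not correctly sanitize user-controlled data" and "alter the semantics of the original SQL query".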