Auto Generated CVE annotations [Sat Nov 13 14:29:44 UTC 2021] 🤖

patch-1
GitHub Action 2021-11-13 14:29:44 +00:00
parent a2f074dd67
commit 19f522f9e5
1 changed files with 6 additions and 1 deletions


@ -3,12 +3,17 @@ id: CVE-2019-10232
info:
name: Pre-authenticated SQL injection in GLPI <= 9.3.3
author: RedTeamBrasil
severity: high
severity: critical
description: Synacktiv discovered that GLPI exposes a script (/scripts/unlock_tasks.php) that not correctly sanitize usercontrolled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. This script is reachable without authentication.
reference:
- https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
- https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
tags: cve,cve2019,glpi,sqli
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-10232
cwe-id: CWE-89
requests:
- method: GET
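Review bot: the added classification block rates the issue C:H/I:H/A:H with cvss-score 9.80, while the description in the same info section only speaks of altering the query and retrieving database records, so the source of the vector should be stated to let a reader verify the severity change from high to critical. Because this commit is auto-generated, a short note in the commit message naming the feed the CVSS data was taken from would be enough. Two smaller points in the same block: cve-id repeats the value already carried by the template's id field, so confirm both are meant to be maintained, and the score would read more conventionally as 9.8 rather than 9.80, since CVSS scores are given to one decimal place.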