Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
References
Link | Resource |
---|---|
https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c | Patch Third Party Advisory |
https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c - Patch, Third Party Advisory |
Information
Published : 2019-03-27 17:29
Updated : 2024-11-21 04:18
NVD link : CVE-2019-10232
Mitre link : CVE-2019-10232
CVE.ORG link : CVE-2019-10232
JSON object : View
Products Affected
teclib-edition
- gestionnaire_libre_de_parc_informatique
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')