CVE-2021-44617

A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:glpi-project:glpi:9.4.6:*:*:*:*:*:*:*

History

30 Mar 2022, 15:29

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/166285/Baixar-GLPI-Project-9.4.6-SQL-Injection.html - (MISC) http://packetstormsecurity.com/files/166285/Baixar-GLPI-Project-9.4.6-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:glpi-project:glpi:9.4.6:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-89

28 Mar 2022, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-28 02:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-44617

Mitre link : CVE-2021-44617

CVE.ORG link : CVE-2021-44617


JSON object : View

Products Affected

glpi-project

  • glpi
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')