Lucene search

MitreCVE-2016-7508

HistoryJun 21, 2017 - 8:29 p.m.

CVE-2016-7508

2017-06-2120:29:00

CWE-89

mitre

web.nvd.nist.gov

cve

2016

7508

sql injection

glpi

nvd

vulnerability

remote attacker

asian encoding

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

47.7%

JSON

Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.

Affected configurations

Nvd

Node

glpi-projectglpiMatch0.90.4

VendorProductVersionCPE
glpi-projectglpi0.90.4cpe:2.3:a:glpi-project:glpi:0.90.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
glpi-project	glpi	0.90.4	cpe:2.3:a:glpi-project:glpi:0.90.4:::::::*

References

github.com/glpi-project/glpi/issues/1047

www.exploit-db.com/exploits/42262/

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

47.7%

JSON

Related for CVE-2016-7508