EUVD-2017-1257

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Gitlab versions 10.1, 10.2, and 10.2.4 are vulnerable to SQL injection exposing database data.

Reporter	Title	Published	Views	Family All 9
CNVD	Gitlab SQL Injection Vulnerability	22 Mar 201800:00	–	cnvd
CVE	CVE-2017-0914	21 Mar 201820:00	–	cve
Cvelist	CVE-2017-0914	21 Mar 201820:00	–	cvelist
Debian CVE	CVE-2017-0914	21 Mar 201820:00	–	debiancve
Hacker One	GitLab: SQL injection in MilestoneFinder order method	15 Dec 201703:15	–	hackerone
NVD	CVE-2017-0914	21 Mar 201820:29	–	nvd
OpenVAS	GitLab 9.4.x - 9.5.10, 10.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 SQLi Vulnerability	28 Mar 202200:00	–	openvas
Prion	Sql injection	21 Mar 201820:29	–	prion
UbuntuCve	CVE-2017-0914	21 Mar 201820:29	–	ubuntucve

[
  {
    "enisaIdVendor": [
      {
        "id": "9e5be5f3-0e07-3382-9d36-4eb6da94752d",
        "vendor": {
          "name": "GitLab"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0a4a1b1f-0a32-39cc-836f-c835bdcbdb59",
        "product": {
          "name": "GitLab Community and Enterprise Editions"
        },
        "product_version": "10.3.0 - 10.3.3 Fixed in 10.3.4"
      },
      {
        "id": "b07be06e-f64e-3a14-9b72-15d5bfa78936",
        "product": {
          "name": "GitLab Community and Enterprise Editions"
        },
        "product_version": "9.1.0 - 10.1.5 Fixed in 10.1.6"
      },
      {
        "id": "cbc016a8-d4db-3f0c-9e52-cb2adce19f4a",
        "product": {
          "name": "GitLab Community and Enterprise Editions"
        },
        "product_version": "10.2.0 - 10.2.5 Fixed in 10.2.6"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/298176
about	www.about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.5High risk

Vulners AI Score7.5

CVSS 37.5

CVSS 25

EPSS0.00172

gitlab vulnerabilities sql injection milestonefinder database security