3 matches found
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
Teclib GLPI = 9.3.3 exposes a script /scripts/unlocktasks.php that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. id: CVE-2019-10232 info: name:...
UBUNTU-CVE-2019-10232
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlocktasks.php...
CVE-2019-10232
Teclib GLPI ≤ 9.3.3 is affected by an SQL injection in the cycle parameter of /scripts/unlock_tasks.php due to improper sanitization of user input, enabling retrieval of database records as per the Nuclei template and related advisories. The vulnerability is unauthenticated and impacts GLPI versi...