CVE-2019-10232: SQL Injection
First published: Wed Mar 27 2019(Updated: )
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GLPI | <=9.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-10232?
CVE-2019-10232 is a vulnerability in Teclib GLPI through version 9.3.3 that allows for SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
How severe is CVE-2019-10232?
CVE-2019-10232 has a severity rating of 9.8 (critical).
What software versions are affected by CVE-2019-10232?
Teclib GLPI versions up to 9.3.3 are affected by CVE-2019-10232.
How can I fix CVE-2019-10232?
Update Teclib GLPI to a version beyond 9.3.3, which contains a fix for this vulnerability.
What is the Common Weakness Enumeration (CWE) for CVE-2019-10232?
The CWE for CVE-2019-10232 is CWE-89, which refers to improper neutralization of special elements used in an SQL command ('SQL Injection').
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/teclib-edition
- canonical/glpi
- version/glpi/9.3.3