Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7508 — SQL Injection in Glpi

CWE-89 — SQL Injection4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 41.28%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Glpi-project Glpi

Timeline

PublishedJun 21

Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶NVDglpi-project/glpi0.90.4

🔴Vulnerability Details

GHSA

GHSA-8vx9-fq6p-x4r8: Multiple SQL injection vulnerabilities in GLPI 0↗2022-05-17

▶

OSV

CVE-2016-7508: Multiple SQL injection vulnerabilities in GLPI 0↗2017-06-21

▶

💥Exploits & PoCs

Exploit-DB

GLPI 0.90.4 - SQL Injection↗2017-06-27

▶