CVE-2019-10232
Published 2019-03-27
CVE-2019-10232: Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
Priority: P182 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 23.21% (97.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| teclib-edition | gestionnaire_libre_de_parc_informatique | <= 9.3.3 | — |
Detection & IOCs (extracted from sources)
- url: {{BaseURL}}/glpi/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1
- url: {{BaseURL}}/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1
- command: cycle=1 UNION ALL SELECT 1,(@@version)-- &only_tasks=1
- Match HTTP response body for both '-MariaDB-' string AND 'Start unlock script' string simultaneously to confirm successful SQL injection exploitation.
- Extract MariaDB version string from response body using regex pattern to confirm data exfiltration via UNION-based SQLi.
- The vulnerable endpoint /scripts/unlock_tasks.php is unauthenticated: no session or credentials are required to exploit the SQL injection via the 'cycle' GET parameter.
- Check for both /glpi/scripts/unlock_tasks.php and /scripts/unlock_tasks.php path variants, as GLPI may be installed at the web root or under a /glpi/ subdirectory.
- The detection template uses stop-at-first-match, meaning only the first matching path variant (/glpi/scripts/... or /scripts/...) will be tested per target; ensure both paths are checked if scanning at scale.
- The detection relies on MariaDB-specific response strings; installations backed by MySQL or other database engines will not trigger the '-MariaDB-' body match, potentially causing false negatives.
CVSS provenance
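| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vulncheck | | 9.8 | CRITICAL | |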
GHSA
GHSA-hf3r-7c2r-pvhg: Teclib GLPI through 9
ghsa_unreviewed·2022-05-14
CVE-2019-10232 [CRITICAL] CWE-89 GHSA-hf3r-7c2r-pvhg: Teclib GLPI through 9
OSV
CVE-2019-10232: Teclib GLPI through 9
osv·2019-03-27·CVSS 9.8
CVE-2019-10232 [CRITICAL] CVE-2019-10232: Teclib GLPI through 9
VulnCheck
teclib-edition gestionnaire_libre_de_parc_informatique Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2019·CVSS 9.8
CVE-2019-10232 [CRITICAL] teclib-edition gestionnaire_libre_de_parc_informatique Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected: teclib-edition gestionnaire_libre_de_parc_informatique
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2019-10232
No detection rules found.
Nuclei
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
nuclei·CVSS 9.8
CVE-2019-10232 [CRITICAL] Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that does not correctly sanitize user-controlled data before using it in SQL queries. An attacker could abuse the affected feature to alter the semantics of the original SQL query and retrieve database records.
Template:
```yaml
id: CVE-2019-10232
info:
  name: Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
  author: RedTeamBrasil
  severity: critical
  description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.
  impact: |
    Successful exploitation of this vulnerability c
```