CVE-2021-44617
Published 2022-03-28

CVE-2021-44617: A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.

Priority: P2 · 61 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: EPSS 2.09% (79.3rd percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glpi-project | glpi | — | — |
Detection & IOCs
- Monitor HTTP requests targeting the path 'plugins/ramo/ramoapirest.php/getOutdated' with suspicious values in the 'idu' parameter, particularly those containing SQL injection patterns such as OR, AND, arithmetic expressions, or encoded characters (%20, =).
- Alert on the 'idu' parameter in GET requests to the Ramo plugin endpoint receiving a value of '-1' or another negative integer; such values are a common probe for an injection point at this parameter and appear in this exploit.
- The vulnerability is specific to GLPI version 9.4.6 with the Ramo plugin installed. Verify the plugin is present before applying detections, as the endpoint will not exist on unaffected installations.
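A small access-log check that implements the two detection points above, added here as an example (it is not from the CVE record, GLPI or the Ramo plugin); the log lines are constructed, and the regular expressions are my own assumption about which idu values count as suspicious:

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlparse

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Mar/2022:10:01:02 +0000] "GET /plugins/ramo/ramoapirest.php/getOutdated?idu=42 HTTP/1.1" 200 512
10.0.0.7 - - [28/Mar/2022:10:01:09 +0000] "GET /plugins/ramo/ramoapirest.php/getOutdated?idu=-1 HTTP/1.1" 200 88
10.0.0.9 - - [28/Mar/2022:10:01:15 +0000] "GET /plugins/ramo/ramoapirest.php/getOutdated?idu=1%20OR%201%3D1 HTTP/1.1" 200 9031
10.0.0.9 - - [28/Mar/2022:10:01:20 +0000] "GET /front/central.php?idu=-1 HTTP/1.1" 200 2048
"""

TARGET_PATH = "plugins/ramo/ramoapirest.php/getOutdated"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumed indicators: boolean operators, arithmetic, SQL comments, quotes.
SQLI_RE = re.compile(r"(\bor\b|\band\b|[-+*/]\s*\d|--|/\*|#|['\"])", re.IGNORECASE)


def classify_idu(value):
    """Return a reason string if the idu value looks suspicious, else None."""
    # parse_qs already decoded once; a second pass catches double-encoded input.
    decoded = unquote_plus(value).strip()
    if re.fullmatch(r"-\d+", decoded):
        return "negative-integer"
    if SQLI_RE.search(decoded):
        return "sqli-pattern"
    return None


def scan_log(text):
    """Return (client_ip, decoded idu, reason) for suspicious hits on the endpoint."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if TARGET_PATH not in url.path:
            continue  # other endpoints are out of scope for this rule
        for idu in parse_qs(url.query).get("idu", []):
            reason = classify_idu(idu)
            if reason:
                hits.append((line.split()[0], unquote_plus(idu).strip(), reason))
    return hits


if __name__ == "__main__":
    for client, idu, reason in scan_log(SAMPLE_LOG):
        print(f"{client}\tidu={idu!r}\t{reason}")
```

Run it against a real GLPI access log only after confirming the Ramo plugin is installed, since the path filter is what keeps the rule quiet elsewhere.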
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
No detection rules found.
No writeups or analysis indexed.