CVE-2021-44617
published 2022-03-28

CVE-2021-44617: A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.

Priority: P2 · 61 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 2.09% (79.3th percentile)

Affected

1 range
Vendor: glpi-project
Product: glpi
Version range: (not given)
Fixed in: (not given)

Detection & IOCs

path: plugins/ramo/ramoapirest.php/getOutdated
command: sqlmap -u "url/plugins/ramo/ramoapirest.php/getOutdated?idu=-1"
  • Monitor HTTP requests targeting the path 'plugins/ramo/ramoapirest.php/getOutdated' with suspicious values in the 'idu' parameter, particularly those containing SQL injection patterns such as OR, AND, arithmetic expressions, or encoded characters (%20, =).
  • Alert on the 'idu' parameter in GET requests to the Ramo plugin endpoint receiving a value of '-1' or negative integers, which is a common SQLi injection point indicator used in this exploit.
  • The vulnerability is specific to GLPI version 9.4.6 with the Ramo plugin installed. Verify the plugin is present before applying detections, as the endpoint will not exist on unaffected installations.
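As an added example (not part of this record and not code from the GLPI or Ramo projects), the detection logic in the bullets above written as a small Python scanner over web-server access logs; the Apache combined log format and the sample log lines are constructed assumptions, the endpoint path and the idu parameter come from the advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory (Ramo plugin for GLPI 9.4.6).
TARGET_PATH = "plugins/ramo/ramoapirest.php/getOutdated"
PARAM = "idu"

# Assumed Apache/nginx combined log format: ip ident user [time] "METHOD uri PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Patterns the detection bullets describe: boolean keywords, comments, quotes, arithmetic.
SQLI_RE = re.compile(
    r"(\bOR\b|\bAND\b|\bUNION\b|\bSELECT\b|--|/\*|'|\"|[-+*/]\s*\d)", re.IGNORECASE
)

def classify_idu(value):
    """Return a reason string when an idu value looks suspicious, else None."""
    decoded = unquote(value)  # second decode pass also catches double-encoded input
    if re.fullmatch(r"\s*-\d+\s*", decoded):
        return "negative integer idu"
    if SQLI_RE.search(decoded):
        return "sql injection pattern in idu"
    return None

def scan_log(lines):
    """Return (ip, uri, reason) for each request to the Ramo endpoint with a suspicious idu."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        parts = urlsplit(m.group("uri"))
        if TARGET_PATH not in parts.path:
            continue  # only the vulnerable endpoint is of interest
        for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            reason = classify_idu(raw)
            if reason:
                hits.append((m.group("ip"), m.group("uri"), reason))
    return hits

# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Mar/2022:10:00:01 +0000] "GET /glpi/plugins/ramo/ramoapirest.php/getOutdated?idu=-1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [28/Mar/2022:10:00:02 +0000] "GET /glpi/plugins/ramo/ramoapirest.php/getOutdated?idu=1%20OR%201%3D1 HTTP/1.1" 200 9876',
    '198.51.100.7 - - [28/Mar/2022:10:00:03 +0000] "GET /glpi/plugins/ramo/ramoapirest.php/getOutdated?idu=42 HTTP/1.1" 200 300',
    '198.51.100.7 - - [28/Mar/2022:10:00:04 +0000] "GET /glpi/front/central.php HTTP/1.1" 200 1234',
]

if __name__ == "__main__":
    for ip, uri, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} {reason}: {uri}")
```

The scanner only flags requests whose path contains the Ramo endpoint, so on installations without the plugin it produces no alerts, in line with the last bullet above.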

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P