CVE-2019-10232
CRITICAL EXPLOITED NUCLEITeclib GLPI < 9.3.3 - SQL Injection via Cycle Parameter
Title source: llmExploitation Summary
CVE-2019-10232 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
Nuclei Templates (1)
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
CRITICALby RedTeamBrasil
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
Scores
CVSS v3
9.8
EPSS
0.2321
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2025-06-07
CWE
CWE-89
Status
published
Products (1)
teclib-edition/gestionnaire_libre_de_parc_informatique
< 9.3.3
Published
Mar 27, 2019
Tracked Since
Feb 18, 2026