ID:1251 - Exploit for SQL injection in GLPI - CVE-2016-7508
Published: March 18, 2020
Vulnerability identifier: #VU7221
Vulnerability risk: Low
CVE-ID: CVE-2016-7508
CWE-ID: CWE-89
Exploitation vector: Remote access
Vulnerable software:
GLPI
GLPI
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated attacker to execute arbitrary SQL commands.
The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted character when the database is configured to use Big5 Asian encoding and execute arbitrary SQL commands on the system.
The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted character when the database is configured to use Big5 Asian encoding and execute arbitrary SQL commands on the system.
Remediation
Install update from vendor's website.