CVE-2026-11321
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.4 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Description
The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embed SQL expressions such as SLEEP() in a mapped field (for example Serial Number) to manipulate the generated query and extract database information via time-based blind injection.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
pluginsGLPI
Product
datainjection
External References
- https://github.com/pluginsGLPI/datainjection
- https://github.com/pluginsGLPI/datainjection/releases/tag/2.15.7
- https://github.com/pluginsGLPI/datainjection/security/advisories/GHSA-57qv-j6r6-pcc4
- https://www.vulncheck.com/advisories/glpi-datainjection-plugin-authenticated-sql-injection-via-csv-import
Discussion (0)
Add Comment
No comments yet. Be the first!