Skip to main content

GLPI DataInjection EUVDEUVD-2026-42993

| CVE-2026-11321 HIGH
SQL Injection (CWE-89)
2026-07-10 VulnCheck GHSA-q93h-qc46-87rr
7.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.2 MEDIUM

Network-reachable low-complexity injection, but gated by high import privileges (PR:H) and an operator-triggered import (UI:R); demonstrated primitive is blind data read (C:H) with only plausible limited write (I:L).

3.1 AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
A
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 19:53 vuln.today

DescriptionCVE.org

The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embed SQL expressions such as SLEEP() in a mapped field (for example Serial Number) to manipulate the generated query and extract database information via time-based blind injection.

AnalysisAI

Authenticated SQL injection in the GLPI DataInjection plugin 2.15.6 (GLPI 11 builds) lets an operator with access to the Data injection feature smuggle SQL into the database by placing expressions in CSV field values, which the import routine concatenates directly into queries without parameterization or escaping (CWE-89). By mapping a payload such as SLEEP() to a field like Serial Number, an attacker performs time-based blind extraction of arbitrary database contents. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as user with Data injection rights
Delivery
Craft CSV with SLEEP() in mapped field
Exploit
Import file via DataInjection plugin
Execution
Payload concatenated into SQL query
Persist
Observe response timing (blind)
Impact
Extract database contents

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated GLPI user who holds the profile permission to access the Data injection feature (per CVSS PR:H), and it requires that user to actively perform a CSV import of an attacker-crafted file (per UI:A / AT:P) - the payload must be placed in a mapped importable field such as Serial Number. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals point to a moderate, not critical, real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A helpdesk or asset-management operator who legitimately holds the Data injection permission (or an attacker who has compromised such an account) crafts a CSV file where a mapped field such as Serial Number contains an SQL payload like a SLEEP() expression. When the file is imported through the plugin, the value is concatenated into the generated query and executed, and by observing response timing the attacker performs time-based blind extraction of database contents. …
Remediation Upgrade the plugin to the fixed release - Vendor-released patch: 2.15.7 (https://github.com/pluginsGLPI/datainjection/releases/tag/2.15.7) - which is the primary and complete fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all user accounts with Data Injection feature access and review recent import logs for suspicious activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42993 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy