CVE-2021-44617: 
GLPI vulnerability analysis and mitigation

A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated (NVD). The vulnerability was assigned CVE-2021-44617 and was disclosed in March 2022.

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-89, which refers to Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). The attack vector is network-accessible, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).

If exploited, this vulnerability could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized access, data manipulation, or data disclosure. The CVSS score of 9.8 indicates high impact potential across confidentiality, integrity, and availability (NVD).

Users should upgrade to a patched version of the GLPI Ramo plugin. The vulnerability affects GLPI version 9.4.6, and users should ensure they are running a newer, secure version of the software (NVD).