Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2226

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-2226
Last Modified 15 May 2014 08:44:27
Published 14 May 2014 03:55:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-2226

Summary

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.

Vulnerable Systems

Application

  • Glpi-project Glpi 0.83

  • Glpi-project Glpi 0.83.1

  • Glpi-project Glpi 0.83.2

  • Glpi-project Glpi 0.83.3

  • Glpi-project Glpi 0.83.31

  • Glpi-project Glpi 0.83.4

  • Glpi-project Glpi 0.83.5

  • Glpi-project Glpi 0.83.6

  • Glpi-project Glpi 0.83.7

  • Glpi-project Glpi 0.83.8


References

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5146.php

BID - 60693

MISC - http://www.glpi-project.org/spip.php?page=annonce&id_breve=297&lang=en&debut_autres_breves=


Last Updated: 27 May 2016 11:05:17