Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9258

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-9258
Last Modified 17 Apr 2015 09:59:34
Published 19 Dec 2014 10:59:17
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-9258

Summary

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.

Vulnerable Systems

Application

  • Glpi-project Glpi 0.85


References

CONFIRM - http://www.glpi-project.org/spip.php?page=annonce&id_breve=334&lang=en

EXPLOIT-DB - 35528

MISC - http://security.szurek.pl/glpi-085-blind-sql-injection.html

SECUNIA - 61367

OSVDB - 115957

MANDRIVA - MDVSA-2015:167

CONFIRM - http://advisories.mageia.org/MGASA-2015-0017.html

FEDORA - FEDORA-2014-17508

FEDORA - FEDORA-2014-17497

FEDORA - FEDORA-2014-17520


Last Updated: 27 May 2016 11:08:25