CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
glpi-projectglpi
𝑥
≤ 0.83.8
glpi-projectglpi
0.83
glpi-projectglpi
0.83.1
glpi-projectglpi
0.83.2
glpi-projectglpi
0.83.3
glpi-projectglpi
0.83.4
glpi-projectglpi
0.83.5
glpi-projectglpi
0.83.6
glpi-projectglpi
0.83.7
glpi-projectglpi
0.83.31
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glpi
zesty
dne
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://www.glpi-project.org/spip.php?page=annonce&id_breve=297&lang=en&debut_autres_breves=
http://www.securityfocus.com/bid/60693
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5146.php
http://www.glpi-project.org/spip.php?page=annonce&id_breve=297&lang=en&debut_autres_breves=
http://www.securityfocus.com/bid/60693
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5146.php