CVE-2013-5696

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
glpi-projectglpi
𝑥
≤ 0.84.1
glpi-projectglpi
0.5
glpi-projectglpi
0.5:rc1
glpi-projectglpi
0.5:rc2
glpi-projectglpi
0.6
glpi-projectglpi
0.6:rc1
glpi-projectglpi
0.6:rc2
glpi-projectglpi
0.6:rc3
glpi-projectglpi
0.20
glpi-projectglpi
0.21
glpi-projectglpi
0.30
glpi-projectglpi
0.31
glpi-projectglpi
0.40
glpi-projectglpi
0.41
glpi-projectglpi
0.42
glpi-projectglpi
0.51
glpi-projectglpi
0.51a:a
glpi-projectglpi
0.65
glpi-projectglpi
0.65:rc1
glpi-projectglpi
0.65:rc2
glpi-projectglpi
0.68
glpi-projectglpi
0.68:rc1
glpi-projectglpi
0.68:rc2
glpi-projectglpi
0.68:rc3
glpi-projectglpi
0.68.1
glpi-projectglpi
0.68.2
glpi-projectglpi
0.68.3
glpi-projectglpi
0.70
glpi-projectglpi
0.70:rc1
glpi-projectglpi
0.70:rc2
glpi-projectglpi
0.70:rc3
glpi-projectglpi
0.70.1
glpi-projectglpi
0.70.2
glpi-projectglpi
0.71
glpi-projectglpi
0.71.1
glpi-projectglpi
0.71.1:rc1
glpi-projectglpi
0.71.1:rc2
glpi-projectglpi
0.71.1:rc3
glpi-projectglpi
0.71.2
glpi-projectglpi
0.71.3
glpi-projectglpi
0.71.4
glpi-projectglpi
0.71.5
glpi-projectglpi
0.71.6
glpi-projectglpi
0.72
glpi-projectglpi
0.72:rc1
glpi-projectglpi
0.72:rc2
glpi-projectglpi
0.72:rc3
glpi-projectglpi
0.72.1
glpi-projectglpi
0.72.2
glpi-projectglpi
0.72.3
glpi-projectglpi
0.72.4
glpi-projectglpi
0.78
glpi-projectglpi
0.78.1
glpi-projectglpi
0.78.2
glpi-projectglpi
0.78.3
glpi-projectglpi
0.78.4
glpi-projectglpi
0.78.5
glpi-projectglpi
0.80
glpi-projectglpi
0.80.1
glpi-projectglpi
0.80.2
glpi-projectglpi
0.80.3
glpi-projectglpi
0.80.4
glpi-projectglpi
0.80.5
glpi-projectglpi
0.80.6
glpi-projectglpi
0.80.7
glpi-projectglpi
0.80.61
glpi-projectglpi
0.83
glpi-projectglpi
0.83.1
glpi-projectglpi
0.83.2
glpi-projectglpi
0.83.3
glpi-projectglpi
0.83.4
glpi-projectglpi
0.83.5
glpi-projectglpi
0.83.6
glpi-projectglpi
0.83.7
glpi-projectglpi
0.83.8
glpi-projectglpi
0.83.9
glpi-projectglpi
0.83.31
glpi-projectglpi
0.83.91
glpi-projectglpi
0.84
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glpi
zesty
dne
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
https://forge.indepnet.net/issues/4480
https://forge.indepnet.net/projects/glpi/repository/revisions/21753
https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html
http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
https://forge.indepnet.net/issues/4480
https://forge.indepnet.net/projects/glpi/repository/revisions/21753
https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html