CVE-2013-5696

EUVD-2013-5533
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
glpi-projectglpi
𝑥
≤ 0.84.1
glpi-projectglpi
0.5
glpi-projectglpi
0.5:rc1
glpi-projectglpi
0.5:rc2
glpi-projectglpi
0.6
glpi-projectglpi
0.6:rc1
glpi-projectglpi
0.6:rc2
glpi-projectglpi
0.6:rc3
glpi-projectglpi
0.20
glpi-projectglpi
0.21
glpi-projectglpi
0.30
glpi-projectglpi
0.31
glpi-projectglpi
0.40
glpi-projectglpi
0.41
glpi-projectglpi
0.42
glpi-projectglpi
0.51
glpi-projectglpi
0.51a:a
glpi-projectglpi
0.65
glpi-projectglpi
0.65:rc1
glpi-projectglpi
0.65:rc2
glpi-projectglpi
0.68
glpi-projectglpi
0.68:rc1
glpi-projectglpi
0.68:rc2
glpi-projectglpi
0.68:rc3
glpi-projectglpi
0.68.1
glpi-projectglpi
0.68.2
glpi-projectglpi
0.68.3
glpi-projectglpi
0.70
glpi-projectglpi
0.70:rc1
glpi-projectglpi
0.70:rc2
glpi-projectglpi
0.70:rc3
glpi-projectglpi
0.70.1
glpi-projectglpi
0.70.2
glpi-projectglpi
0.71
glpi-projectglpi
0.71.1
glpi-projectglpi
0.71.1:rc1
glpi-projectglpi
0.71.1:rc2
glpi-projectglpi
0.71.1:rc3
glpi-projectglpi
0.71.2
glpi-projectglpi
0.71.3
glpi-projectglpi
0.71.4
glpi-projectglpi
0.71.5
glpi-projectglpi
0.71.6
glpi-projectglpi
0.72
glpi-projectglpi
0.72:rc1
glpi-projectglpi
0.72:rc2
glpi-projectglpi
0.72:rc3
glpi-projectglpi
0.72.1
glpi-projectglpi
0.72.2
glpi-projectglpi
0.72.3
glpi-projectglpi
0.72.4
glpi-projectglpi
0.78
glpi-projectglpi
0.78.1
glpi-projectglpi
0.78.2
glpi-projectglpi
0.78.3
glpi-projectglpi
0.78.4
glpi-projectglpi
0.78.5
glpi-projectglpi
0.80
glpi-projectglpi
0.80.1
glpi-projectglpi
0.80.2
glpi-projectglpi
0.80.3
glpi-projectglpi
0.80.4
glpi-projectglpi
0.80.5
glpi-projectglpi
0.80.6
glpi-projectglpi
0.80.7
glpi-projectglpi
0.80.61
glpi-projectglpi
0.83
glpi-projectglpi
0.83.1
glpi-projectglpi
0.83.2
glpi-projectglpi
0.83.3
glpi-projectglpi
0.83.4
glpi-projectglpi
0.83.5
glpi-projectglpi
0.83.6
glpi-projectglpi
0.83.7
glpi-projectglpi
0.83.8
glpi-projectglpi
0.83.9
glpi-projectglpi
0.83.31
glpi-projectglpi
0.83.91
glpi-projectglpi
0.84
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glpi
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
not-affected
zesty
dne
Common Weakness Enumeration
References
http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
https://forge.indepnet.net/issues/4480
https://forge.indepnet.net/projects/glpi/repository/revisions/21753
https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html
http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
https://forge.indepnet.net/issues/4480
https://forge.indepnet.net/projects/glpi/repository/revisions/21753
https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html