CVE-2013-2225

Published: 27/05/2014 Updated: 28/05/2014
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

inc/ticket.class.php in GLPI 0.83.9 and previous versions allows remote malicious users to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

Vulnerable Product

glpi-project glpi 0.21

glpi-project glpi 0.30

glpi-project glpi 0.31

glpi-project glpi 0.40

glpi-project glpi 0.65

glpi-project glpi 0.68

glpi-project glpi 0.71.1

glpi-project glpi 0.5

glpi-project glpi 0.51

glpi-project glpi 0.51a

glpi-project glpi 0.6

glpi-project glpi 0.70

glpi-project glpi 0.72

glpi-project glpi 0.72.1

glpi-project glpi 0.83.6

glpi-project glpi 0.83.5

glpi-project glpi 0.83.4

glpi-project glpi 0.83.31

glpi-project glpi 0.42

glpi-project glpi 0.68.2

glpi-project glpi 0.70.2

glpi-project glpi 0.71.3

glpi-project glpi 0.71.5

glpi-project glpi 0.72.2

glpi-project glpi 0.72.4

glpi-project glpi

glpi-project glpi 0.83.7

glpi-project glpi 0.83.3

glpi-project glpi 0.83.1

glpi-project glpi 0.80.3

glpi-project glpi 0.80.1

glpi-project glpi 0.71.2

glpi-project glpi 0.78.1

glpi-project glpi 0.78.2

glpi-project glpi 0.78.3

glpi-project glpi 0.78.4

glpi-project glpi 0.80.7

glpi-project glpi 0.80.61

glpi-project glpi 0.80.6

glpi-project glpi 0.80.5

glpi-project glpi 0.80.4

glpi-project glpi 0.20

glpi-project glpi 0.41

glpi-project glpi 0.68.1

glpi-project glpi 0.68.3

glpi-project glpi 0.70.1

glpi-project glpi 0.71

glpi-project glpi 0.71.4

glpi-project glpi 0.71.6

glpi-project glpi 0.72.3

glpi-project glpi 0.78

glpi-project glpi 0.78.5

glpi-project glpi 0.83.8

glpi-project glpi 0.83.2

glpi-project glpi 0.83

glpi-project glpi 0.80.2

glpi-project glpi 0.80

Vendor Advisories

Debian Bug report logs - #714720
glpi: Multiple security issues
Package: glpi; Maintainer for glpi is Pierre Chifflier <pollux@debian.org>; Source for glpi is src:glpi
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 2 Jul 2013 06:45:01 UTC
Severity: important
Fixed in version glp ...

Exploits

source: www.securityfocus.com/bid/60823/info

GLPI is prone to a remote PHP code-execution vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. G ...