Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.
References
Link | Resource |
---|---|
http://www.glpi-project.org/spip.php?page=annonce&id_breve=297&lang=en&debut_autres_breves= | Patch Vendor Advisory |
http://www.securityfocus.com/bid/60693 | Exploit |
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5146.php | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-05-14T19:00:00
Updated: 2014-05-14T18:57:01
Reserved: 2013-02-19T00:00:00
Link: CVE-2013-2226
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-14T19:55:08.403
Modified: 2014-05-15T12:44:27.123
Link: CVE-2013-2226
JSON object: View
Redhat Information
No data.
CWE