[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-2226Date: (C)2014-05-15   (M)2023-12-22


Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-60693
http://www.glpi-project.org/spip.php?page=annonce&id_breve=297&lang=en&debut_autres_breves=
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5146.php

CPE    10
cpe:/a:glpi-project:glpi:0.83
cpe:/a:glpi-project:glpi:0.83.7
cpe:/a:glpi-project:glpi:0.83.5
cpe:/a:glpi-project:glpi:0.83.6
...
CWE    1
CWE-89
OVAL    3
oval:org.secpod.oval:def:105823
oval:org.secpod.oval:def:105689
oval:org.secpod.oval:def:105620

© SecPod Technologies