[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-9258Date: (C)2014-12-22   (M)2023-12-22


SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
OSVDB-115957
EXPLOIT-DB-35528
SECUNIA-61367
FEDORA-2014-17497
FEDORA-2014-17508
FEDORA-2014-17520
MDVSA-2015:167
http://advisories.mageia.org/MGASA-2015-0017.html
http://security.szurek.pl/glpi-085-blind-sql-injection.html
http://www.glpi-project.org/spip.php?page=annonce&id_breve=334&lang=en

CPE    1
cpe:/a:glpi-project:glpi
CWE    1
CWE-89
OVAL    5
oval:org.secpod.oval:def:108621
oval:org.secpod.oval:def:108249
oval:org.secpod.oval:def:108228
oval:org.secpod.oval:def:108243
...

© SecPod Technologies