Lucene search

[email protected]CVE-2013-5696

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-5696

2022-10-0316:14:54

CWE-352

[email protected]

web.nvd.nist.gov

cve-2013-5696

glpi

csrf

sql injection

php code execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.686 Medium

EPSS

Percentile

98.0%

JSON

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.

Affected configurations

NVD

Node

glpi-projectglpiRange≤0.84.1

glpi-projectglpiMatch0.5

glpi-projectglpiMatch0.5rc1

glpi-projectglpiMatch0.5rc2

glpi-projectglpiMatch0.6

glpi-projectglpiMatch0.6rc1

glpi-projectglpiMatch0.6rc2

glpi-projectglpiMatch0.6rc3

glpi-projectglpiMatch0.20

glpi-projectglpiMatch0.21

glpi-projectglpiMatch0.30

glpi-projectglpiMatch0.31

glpi-projectglpiMatch0.40

glpi-projectglpiMatch0.41

glpi-projectglpiMatch0.42

glpi-projectglpiMatch0.51

glpi-projectglpiMatch0.51a

glpi-projectglpiMatch0.65

glpi-projectglpiMatch0.65rc1

glpi-projectglpiMatch0.65rc2

glpi-projectglpiMatch0.68

glpi-projectglpiMatch0.68rc1

glpi-projectglpiMatch0.68rc2

glpi-projectglpiMatch0.68rc3

glpi-projectglpiMatch0.68.1

glpi-projectglpiMatch0.68.2

glpi-projectglpiMatch0.68.3

glpi-projectglpiMatch0.70

glpi-projectglpiMatch0.70rc1

glpi-projectglpiMatch0.70rc2

glpi-projectglpiMatch0.70rc3

glpi-projectglpiMatch0.70.1

glpi-projectglpiMatch0.70.2

glpi-projectglpiMatch0.71

glpi-projectglpiMatch0.71.1

glpi-projectglpiMatch0.71.1rc1

glpi-projectglpiMatch0.71.1rc2

glpi-projectglpiMatch0.71.1rc3

glpi-projectglpiMatch0.71.2

glpi-projectglpiMatch0.71.3

glpi-projectglpiMatch0.71.4

glpi-projectglpiMatch0.71.5

glpi-projectglpiMatch0.71.6

glpi-projectglpiMatch0.72

glpi-projectglpiMatch0.72rc1

glpi-projectglpiMatch0.72rc2

glpi-projectglpiMatch0.72rc3

glpi-projectglpiMatch0.72.1

glpi-projectglpiMatch0.72.2

glpi-projectglpiMatch0.72.3

glpi-projectglpiMatch0.72.4

glpi-projectglpiMatch0.78

glpi-projectglpiMatch0.78.1

glpi-projectglpiMatch0.78.2

glpi-projectglpiMatch0.78.3

glpi-projectglpiMatch0.78.4

glpi-projectglpiMatch0.78.5

glpi-projectglpiMatch0.80

glpi-projectglpiMatch0.80.1

glpi-projectglpiMatch0.80.2

glpi-projectglpiMatch0.80.3

glpi-projectglpiMatch0.80.4

glpi-projectglpiMatch0.80.5

glpi-projectglpiMatch0.80.6

glpi-projectglpiMatch0.80.7

glpi-projectglpiMatch0.80.61

glpi-projectglpiMatch0.83

glpi-projectglpiMatch0.83.1

glpi-projectglpiMatch0.83.2

glpi-projectglpiMatch0.83.3

glpi-projectglpiMatch0.83.4

glpi-projectglpiMatch0.83.5

glpi-projectglpiMatch0.83.6

glpi-projectglpiMatch0.83.7

glpi-projectglpiMatch0.83.8

glpi-projectglpiMatch0.83.9

glpi-projectglpiMatch0.83.31

glpi-projectglpiMatch0.83.91

glpi-projectglpiMatch0.84

CPENameOperatorVersion
glpi-project:glpiglpi-project glpile0.84.1
glpi-project:glpiglpi-project glpieq0.5
glpi-project:glpiglpi-project glpieq0.6
glpi-project:glpiglpi-project glpieq0.20
glpi-project:glpiglpi-project glpieq0.21
glpi-project:glpiglpi-project glpieq0.30
glpi-project:glpiglpi-project glpieq0.31
glpi-project:glpiglpi-project glpieq0.40
glpi-project:glpiglpi-project glpieq0.41
glpi-project:glpiglpi-project glpieq0.42

CPE	Name	Operator	Version
glpi-project:glpi	glpi-project glpi	le	0.84.1
glpi-project:glpi	glpi-project glpi	eq	0.5
glpi-project:glpi	glpi-project glpi	eq	0.6
glpi-project:glpi	glpi-project glpi	eq	0.20
glpi-project:glpi	glpi-project glpi	eq	0.21
glpi-project:glpi	glpi-project glpi	eq	0.30
glpi-project:glpi	glpi-project glpi	eq	0.31
glpi-project:glpi	glpi-project glpi	eq	0.40
glpi-project:glpi	glpi-project glpi	eq	0.41
glpi-project:glpi	glpi-project glpi	eq	0.42