Lucene search

K

[email protected]NVD:CVE-2013-2226

HistoryMay 14, 2014 - 7:55 p.m.

CVE-2013-2226

2014-05-1419:55:08

CWE-89

[email protected]

web.nvd.nist.gov

1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.1%

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.

Affected configurations

NVD

Node

glpi-projectglpiRange≤0.83.8

OR

glpi-projectglpiMatch0.83

OR

glpi-projectglpiMatch0.83.1

OR

glpi-projectglpiMatch0.83.2

OR

glpi-projectglpiMatch0.83.3

OR

glpi-projectglpiMatch0.83.4

OR

glpi-projectglpiMatch0.83.5

OR

glpi-projectglpiMatch0.83.6

OR

glpi-projectglpiMatch0.83.7

OR

glpi-projectglpiMatch0.83.31

References

www.glpi-project.org/spip.php?page=annonce&id_breve=297&lang=en&debut_autres_breves=

www.securityfocus.com/bid/60693

www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5146.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.1%

Related for NVD:CVE-2013-2226

cve1 cvelist1 prion1 ubuntucve1 nessus4 openvas7 fedora3 mageia1 securityvulns1