GLPI install.php Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

GLPI install.php Remote Command Execution (CVE-2013-5696)

A command execution vulnerability has been reported in GLPI...

GLPI 0.84.1 - Multiple Vulnerabilities

GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities. Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification:...

GLPI 0.84.1 - Multiple Vulnerabilities

Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...

GLPI 0.84.1 - Multiple Vulnerabilities

GLPI 0.84.1 - Multiple Vulnerabilities Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12,...

Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)

Updated glpi package fixes security vulnerabilities : Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 CVE-2013-2226, 0.83.91 CVE-2013-2225, and 0.84.2 CVE-2013-5696. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2,...

CVE-2013-5696

GLPI before 0.84.2 is affected by CVE-2013-5696 due to inc/central.class.php not disabling install.php after installation, enabling CSRF and, via Etape_4 and update_1 actions, potential SQL injection and arbitrary PHP code execution. The CVE is documented with root cause as improper access contro...

CVE-2013-5696

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery CSRF attacks, and 1 perform a SQL injection via an Etape4 action or 2 execute arbitrary PHP...

GLPI - 'install.php' Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'GLPI install.php Remote Command...

GLPI install.php Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. This module is set to ManualRanking due to this module overwriting the target database configuration, which may introduce target instability. This module requires Metasploit:...

Security fix for the ALT Linux 9 package glpi version 0.84.2-alt1

Sept. 20, 2013 Pavel Zilke 0.84.2-alt1 - Security fixes: + CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF...