Glpi@0.83.1 Security Vulnerabilities and Issues — Glpi@0.83.1 CVE List

Lucene search

Glpi-projectGlpi0.83.1

5 matches found

CVE•added 2013/09/23 3:49 a.m.•120 views

CVE-2013-5696

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary...

6.8CVSS8.1AI score0.6873EPSS

CVE•added 2014/05/27 3:0 p.m.•49 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

6.4CVSS7.4AI score0.15509EPSS

CVE•added 2012/10/09 11:55 p.m.•46 views

CVE-2012-4003

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS5.8AI score0.00256EPSS

CVE•added 2014/05/14 7:55 p.m.•46 views

CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.

7.5CVSS8.1AI score0.0302EPSS

CVE•added 2012/10/09 11:55 p.m.•42 views

CVE-2012-4002

Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8CVSS7.3AI score0.002EPSS