Glpi@0.83.3 Security Vulnerabilities and Issues — Glpi@0.83.3 CVE List

Lucene search

Glpi-projectGlpi0.83.3

3 matches found

cve•added 2013/09/23 3:49 a.m.•120 views

CVE-2013-5696

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary...

6.8CVSS8.1AI score0.6873EPSS

cve•added 2014/05/27 3:0 p.m.•49 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

6.4CVSS7.4AI score0.15509EPSS

cve•added 2014/05/14 7:55 p.m.•46 views

CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.

7.5CVSS8.1AI score0.0302EPSS