GLPI 0.83.9 'unserialize()' Function Remote Code Execution Vulnerability

2013-07-01T00:00:00
ID 1337DAY-ID-20957
Type zdt
Reporter Xavier Mehrenberger
Modified 2013-07-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Source: http://www.securityfocus.com/bid/60823/info
 
GLPI is prone to a remote PHP code-execution vulnerability.
 
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
 
GLPI 0.83.9 is vulnerable; other versions may also be affected.
 
An attacker can exploit this issue using a web browser.
 
The following example URI is available:
 
http://www.example.com/glpi/front/ticket.form.php?id=1&_predefined_fields=[XXXX]

#  0day.today [2018-04-02]  #