CVE-2013-2225

Severity

64%

Complexity

99%

Confidentiality

81%

Per: http://cwe.mitre.org/data/definitions/502.html "CWE-502: Deserialization of Untrusted Data"

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

Per: http://cwe.mitre.org/data/definitions/502.html "CWE-502: Deserialization of Untrusted Data"

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P).

Overview

Type

glpi-project GLPI

First reported 10 years ago

2014-05-27 14:55:00

Last updated 10 years ago

2014-05-28 17:07:00

Affected Software

glpi-project GLPI 0.5

0.5

glpi-project GLPI 0.5 Release Candidate 1

0.5

glpi-project GLPI 0.5 Release Candidate 2

0.5

glpi-project GLPI 0.6

0.6

glpi-project GLPI 0.6 Release Candidate 1

0.6

glpi-project GLPI 0.6 Release Candidate 2

0.6

glpi-project GLPI 0.6 Release Candidate 3

0.6

glpi-project GLPI 0.20

0.20

glpi-project GLPI 0.21

0.21

glpi-project GLPI 0.30

0.30

glpi-project GLPI 0.31

0.31

glpi-project GLPI 0.40

0.40

glpi-project GLPI 0.41

0.41

glpi-project GLPI 0.42

0.42

glpi-project GLPI 0.51

0.51

glpi-project GLPI 0.51a

0.51a

glpi-project GLPI 0.65

0.65

glpi-project GLPI 0.65 Release Candidate 1

0.65

glpi-project GLPI 0.65 Release Candidate 2

0.65

glpi-project GLPI 0.68

0.68

glpi-project GLPI 0.68 Release Candidate 1

0.68

glpi-project GLPI 0.68 Release Candidate 2

0.68

glpi-project GLPI 0.68 Release Candidate 3

0.68

glpi-project GLPI 0.68.1

0.68.1

glpi-project GLPI 0.68.2

0.68.2

glpi-project GLPI 0.68.3

0.68.3

glpi-project GLPI 0.70

0.70

glpi-project GLPI 0.70 Release Candidate 1

0.70

glpi-project GLPI 0.70 Release Candidate 2

0.70

glpi-project GLPI 0.70 Release Candidate 3

0.70

glpi-project GLPI 0.70.1

0.70.1

glpi-project GLPI 0.70.2

0.70.2

glpi-project GLPI 0.71

0.71

glpi-project GLPI 0.71.1

0.71.1

glpi-project GLPI 0.71 Release Candidate 1

0.71.1

glpi-project GLPI 0.71 Release Candidate 2

0.71.1

glpi-project GLPI 0.71 Release Candidate 3

0.71.1

glpi-project GLPI 0.71.2

0.71.2

glpi-project GLPI 0.71.3

0.71.3

glpi-project GLPI 0.71.4

0.71.4

glpi-project GLPI 0.71.5

0.71.5

glpi-project GLPI 0.71.6

0.71.6

glpi-project GLPI 0.72

0.72

glpi-project GLPI 0.72 Release Candidate 1

0.72

glpi-project GLPI 0.72 Release Candidate 2

0.72

glpi-project GLPI 0.72 Release Candidate 3

0.72

glpi-project GLPI 0.72.1

0.72.1

glpi-project GLPI 0.72.2

0.72.2

glpi-project GLPI 0.72.3

0.72.3

glpi-project GLPI 0.72.4

0.72.4

glpi-project GLPI 0.78

0.78

glpi-project GLPI 0.78.1

0.78.1

glpi-project GLPI 0.78.2

0.78.2

glpi-project GLPI 0.78.3

0.78.3

glpi-project GLPI 0.78.4

0.78.4

glpi-project GLPI 0.78.5

0.78.5

glpi-project GLPI 0.80

0.80

glpi-project GLPI 0.80.1

0.80.1

glpi-project GLPI 0.80.2

0.80.2

glpi-project GLPI 0.80.3

0.80.3

glpi-project GLPI 0.80.4

0.80.4

glpi-project GLPI 0.80.5

0.80.5

glpi-project GLPI 0.80.6

0.80.6

glpi-project GLPI 0.80.7

0.80.7

glpi-project GLPI 0.80.61

0.80.61

glpi-project GLPI 0.83

0.83

glpi-project GLPI 0.83.1

0.83.1

glpi-project GLPI 0.83.2

0.83.2

glpi-project GLPI 0.83.3

0.83.3

glpi-project GLPI 0.83.4

0.83.4

glpi-project GLPI 0.83.5

0.83.5

glpi-project GLPI 0.83.6

0.83.6

glpi-project GLPI 0.83.7

0.83.7

glpi-project GLPI 0.83.8

0.83.8

glpi-project GLPI 0.83.31

0.83.31

References

94683

[oss-security] 20130627 CVE request for GLPI

[oss-security] 20130630 Re: CVE request for GLPI

26530

Exploit

60823

https://forge.indepnet.net/projects/glpi/repository/revisions/21169/diff

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.