CVE-2013-2226

Published May 14, 2014

Last updated 3 months ago

CVSS info 7.5

Overview

Description: Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19FA5E3B-5F78-4D79-8507-9168136134D9",
            "versionEndIncluding": "0.83.8"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E14F94C4-4ED5-44A4-A017-5EC66E3210F9"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B80B37D-CAF3-4109-95A9-F49E28B938C1"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB316B74-8FE4-40A6-A0D3-C4CD88CB9656"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D4574B9-E843-4D7A-A9E3-938051A048B0"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB555723-6E7F-4D0F-92B9-BE1ACD7DBD97"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9002F098-D328-413E-9A1D-14B5759C4B07"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C1AC97A-6C1E-4AD4-B7E4-272224E2DBC4"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D54783ED-47B3-4A86-A905-3A47BF1DFFF3"
          },
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:0.83.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "692076F9-0855-45B1-B19E-63C9D3902511"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References