Vulnerability Description
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glpi-Project | Glpi | <= 0.83.8 |
Related Weaknesses (CWE)
References
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=297&lang=en&debut_aut (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/60693 (Exploit)
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5146.php (Exploit)
FAQ
What is CVE-2013-2226?
CVE-2013-2226 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) fil...
How severe is CVE-2013-2226?
CVE-2013-2226 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-2226?
Check the references section above for vendor advisories and patch information. Affected products include: Glpi-Project Glpi.