Vulnerability Description
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glpi-Project | Glpi | <= 0.84.1 |
Related Weaknesses (CWE)
References
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=308 (Patch)
- https://forge.indepnet.net/issues/4480
- https://forge.indepnet.net/projects/glpi/repository/revisions/21753 (Patch)
- https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branche (Patch)
- https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glp (Exploit)
FAQ
What is CVE-2013-5696?
CVE-2013-5696 is a vulnerability with a CVSS score of 6.8 (MEDIUM). inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request for...
How severe is CVE-2013-5696?
CVE-2013-5696 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-5696?
Check the references section above for vendor advisories and patch information. Affected products include: Glpi-Project Glpi.