ALT Linux Team

Branch t7 update on 2013-11-18

2013-11-18

ALT-BU-2013-1365-1

Branch t7 update bulletin.

ALT-PU-2013-1123-1

Package glpi updated to version 0.84.3-alt1 for branch t7 in task 108696.

Closed vulnerabilities

Published: 2014-05-27
Modified: 2024-11-21

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

Severity: MEDIUM (6.4)
References:
Published: 2014-05-14
Modified: 2024-11-21

CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.

Severity: HIGH (7.5)
References:
Published: 2019-11-01
Modified: 2024-11-21

CVE-2013-2227

GLPI 0.83.7 has Local File Inclusion in common.tabs.php.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2013-09-23
Modified: 2024-11-21

CVE-2013-5696

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.

Severity: MEDIUM (6.8)
References:

Closed bugs

Bug #29189

Обновить до версии 0.83.91

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top