CVE-2013-2225
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
6.4
Description
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| glpi-project | glpi | {"endIncluding":"0.83.9"} | |
| glpi-project | glpi | 0.5 | |
| glpi-project | glpi | 0.6 | |
| glpi-project | glpi | 0.20 | |
| glpi-project | glpi | 0.21 | |
| glpi-project | glpi | 0.30 | |
| glpi-project | glpi | 0.31 | |
| glpi-project | glpi | 0.40 | |
| glpi-project | glpi | 0.41 | |
| glpi-project | glpi | 0.42 | |
| glpi-project | glpi | 0.51 | |
| glpi-project | glpi | 0.51a | |
| glpi-project | glpi | 0.65 | |
| glpi-project | glpi | 0.68 | |
| glpi-project | glpi | 0.68.1 | |
| glpi-project | glpi | 0.68.2 | |
| glpi-project | glpi | 0.68.3 | |
| glpi-project | glpi | 0.70 | |
| glpi-project | glpi | 0.70.1 | |
| glpi-project | glpi | 0.70.2 | |
| glpi-project | glpi | 0.71 | |
| glpi-project | glpi | 0.71.1 | |
| glpi-project | glpi | 0.71.2 | |
| glpi-project | glpi | 0.71.3 | |
| glpi-project | glpi | 0.71.4 | |
| glpi-project | glpi | 0.71.5 | |
| glpi-project | glpi | 0.71.6 | |
| glpi-project | glpi | 0.72 | |
| glpi-project | glpi | 0.72.1 | |
| glpi-project | glpi | 0.72.2 | |
| glpi-project | glpi | 0.72.3 | |
| glpi-project | glpi | 0.72.4 | |
| glpi-project | glpi | 0.78 | |
| glpi-project | glpi | 0.78.1 | |
| glpi-project | glpi | 0.78.2 | |
| glpi-project | glpi | 0.78.3 | |
| glpi-project | glpi | 0.78.4 | |
| glpi-project | glpi | 0.78.5 | |
| glpi-project | glpi | 0.80 | |
| glpi-project | glpi | 0.80.1 | |
| glpi-project | glpi | 0.80.2 | |
| glpi-project | glpi | 0.80.3 | |
| glpi-project | glpi | 0.80.4 | |
| glpi-project | glpi | 0.80.5 | |
| glpi-project | glpi | 0.80.6 | |
| glpi-project | glpi | 0.80.7 | |
| glpi-project | glpi | 0.80.61 | |
| glpi-project | glpi | 0.83 | |
| glpi-project | glpi | 0.83.1 | |
| glpi-project | glpi | 0.83.2 | |
| glpi-project | glpi | 0.83.3 | |
| glpi-project | glpi | 0.83.4 | |
| glpi-project | glpi | 0.83.5 | |
| glpi-project | glpi | 0.83.6 | |
| glpi-project | glpi | 0.83.7 | |
| glpi-project | glpi | 0.83.8 | |
| glpi-project | glpi | 0.83.31 | |
References
- http://osvdb.org/94683
- http://seclists.org/oss-sec/2013/q2/626
- http://seclists.org/oss-sec/2013/q2/645
- http://www.exploit-db.com/exploits/26530
- http://www.securityfocus.com/bid/60823
- https://forge.indepnet.net/projects/glpi/repository/revisions/21169/diff
- http://osvdb.org/94683
- http://seclists.org/oss-sec/2013/q2/626
- http://seclists.org/oss-sec/2013/q2/645
- http://www.exploit-db.com/exploits/26530
- http://www.securityfocus.com/bid/60823
- https://forge.indepnet.net/projects/glpi/repository/revisions/21169/diff
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.