CVE-2013-5696
Description
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| glpi-project | glpi | {"endIncluding":"0.84.1"} | |
| glpi-project | glpi | 0.5 | |
| glpi-project | glpi | 0.6 | |
| glpi-project | glpi | 0.20 | |
| glpi-project | glpi | 0.21 | |
| glpi-project | glpi | 0.30 | |
| glpi-project | glpi | 0.31 | |
| glpi-project | glpi | 0.40 | |
| glpi-project | glpi | 0.41 | |
| glpi-project | glpi | 0.42 | |
| glpi-project | glpi | 0.51 | |
| glpi-project | glpi | 0.51a | |
| glpi-project | glpi | 0.65 | |
| glpi-project | glpi | 0.68 | |
| glpi-project | glpi | 0.68.1 | |
| glpi-project | glpi | 0.68.2 | |
| glpi-project | glpi | 0.68.3 | |
| glpi-project | glpi | 0.70 | |
| glpi-project | glpi | 0.70.1 | |
| glpi-project | glpi | 0.70.2 | |
| glpi-project | glpi | 0.71 | |
| glpi-project | glpi | 0.71.1 | |
| glpi-project | glpi | 0.71.2 | |
| glpi-project | glpi | 0.71.3 | |
| glpi-project | glpi | 0.71.4 | |
| glpi-project | glpi | 0.71.5 | |
| glpi-project | glpi | 0.71.6 | |
| glpi-project | glpi | 0.72 | |
| glpi-project | glpi | 0.72.1 | |
| glpi-project | glpi | 0.72.2 | |
| glpi-project | glpi | 0.72.3 | |
| glpi-project | glpi | 0.72.4 | |
| glpi-project | glpi | 0.78 | |
| glpi-project | glpi | 0.78.1 | |
| glpi-project | glpi | 0.78.2 | |
| glpi-project | glpi | 0.78.3 | |
| glpi-project | glpi | 0.78.4 | |
| glpi-project | glpi | 0.78.5 | |
| glpi-project | glpi | 0.80 | |
| glpi-project | glpi | 0.80.1 | |
| glpi-project | glpi | 0.80.2 | |
| glpi-project | glpi | 0.80.3 | |
| glpi-project | glpi | 0.80.4 | |
| glpi-project | glpi | 0.80.5 | |
| glpi-project | glpi | 0.80.6 | |
| glpi-project | glpi | 0.80.7 | |
| glpi-project | glpi | 0.80.61 | |
| glpi-project | glpi | 0.83 | |
| glpi-project | glpi | 0.83.1 | |
| glpi-project | glpi | 0.83.2 | |
| glpi-project | glpi | 0.83.3 | |
| glpi-project | glpi | 0.83.4 | |
| glpi-project | glpi | 0.83.5 | |
| glpi-project | glpi | 0.83.6 | |
| glpi-project | glpi | 0.83.7 | |
| glpi-project | glpi | 0.83.8 | |
| glpi-project | glpi | 0.83.9 | |
| glpi-project | glpi | 0.83.31 | |
| glpi-project | glpi | 0.83.91 | |
| glpi-project | glpi | 0.84 | |
References
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
- https://forge.indepnet.net/issues/4480
- https://forge.indepnet.net/projects/glpi/repository/revisions/21753
- https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
- https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
- https://forge.indepnet.net/issues/4480
- https://forge.indepnet.net/projects/glpi/repository/revisions/21753
- https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
- https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html
CWEs
CWE-352
💬 Discuss CVE-2013-5696 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.