CVE-2013-5696

NONECVSS 0.0

0.0

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.

🔗 References (10)

cve@mitrehttp://www.glpi-project.org/spip.php?page=annonce&id_breve=308
cve@mitrehttps://forge.indepnet.net/issues/4480
cve@mitrehttps://forge.indepnet.net/projects/glpi/repository/revisions/21753
cve@mitrehttps://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
cve@mitrehttps://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html
af854a3a-2127-422b-91ae-364da2661108http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
af854a3a-2127-422b-91ae-364da2661108https://forge.indepnet.net/issues/4480
af854a3a-2127-422b-91ae-364da2661108https://forge.indepnet.net/projects/glpi/repository/revisions/21753
af854a3a-2127-422b-91ae-364da2661108https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
af854a3a-2127-422b-91ae-364da2661108https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html

Is Your Infrastructure Affected by CVE-2013-5696?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-5696

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-5696?