Package: glpi
Version: 0.83.91-3
Severity: important
Tags: security, fixed-upstream

Fixed in GLPI 0.84.2.

* SQL Injection
* PHP Code Execution
* CSRF (seems that it is the vector for the SQL injection)

CVE split pending: http://www.openwall.com/lists/oss-security/2013/09/20/2
References:
http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
https://forge.indepnet.net/issues/4480
https://www.htbridge.com/advisory/HTB23173

---
Henri Salo
