Package: glpi Version: 0.83.91-3 Severity: important Tags: security, fixed-upstream
Fixed in GLPI 0.84.2. * SQL Injection * PHP Code Execution * CSRF (seems that it is the vector for the SQL injection) CVE split pending: http://www.openwall.com/lists/oss-security/2013/09/20/2 References: http://www.glpi-project.org/spip.php?page=annonce&id_breve=308 https://forge.indepnet.net/issues/4480 https://www.htbridge.com/advisory/HTB23173 --- Henri Salo
signature.asc
Description: Digital signature