CVE-2013-5696: CSRF
First published: Mon Sep 23 2013(Updated: )
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GLPI-PROJECT GLPI | <=0.84.1 | |
| GLPI-PROJECT GLPI | =0.5 | |
| GLPI-PROJECT GLPI | =0.5-rc1 | |
| GLPI-PROJECT GLPI | =0.5-rc2 | |
| GLPI-PROJECT GLPI | =0.6 | |
| GLPI-PROJECT GLPI | =0.6-rc1 | |
| GLPI-PROJECT GLPI | =0.6-rc2 | |
| GLPI-PROJECT GLPI | =0.6-rc3 | |
| GLPI-PROJECT GLPI | =0.20 | |
| GLPI-PROJECT GLPI | =0.21 | |
| GLPI-PROJECT GLPI | =0.30 | |
| GLPI-PROJECT GLPI | =0.31 | |
| GLPI-PROJECT GLPI | =0.40 | |
| GLPI-PROJECT GLPI | =0.41 | |
| GLPI-PROJECT GLPI | =0.42 | |
| GLPI-PROJECT GLPI | =0.51 | |
| GLPI-PROJECT GLPI | =0.51a | |
| GLPI-PROJECT GLPI | =0.65 | |
| GLPI-PROJECT GLPI | =0.65-rc1 | |
| GLPI-PROJECT GLPI | =0.65-rc2 | |
| GLPI-PROJECT GLPI | =0.68 | |
| GLPI-PROJECT GLPI | =0.68-rc1 | |
| GLPI-PROJECT GLPI | =0.68-rc2 | |
| GLPI-PROJECT GLPI | =0.68-rc3 | |
| GLPI-PROJECT GLPI | =0.68.1 | |
| GLPI-PROJECT GLPI | =0.68.2 | |
| GLPI-PROJECT GLPI | =0.68.3 | |
| GLPI-PROJECT GLPI | =0.70 | |
| GLPI-PROJECT GLPI | =0.70-rc1 | |
| GLPI-PROJECT GLPI | =0.70-rc2 | |
| GLPI-PROJECT GLPI | =0.70-rc3 | |
| GLPI-PROJECT GLPI | =0.70.1 | |
| GLPI-PROJECT GLPI | =0.70.2 | |
| GLPI-PROJECT GLPI | =0.71 | |
| GLPI-PROJECT GLPI | =0.71.1 | |
| GLPI-PROJECT GLPI | =0.71.1-rc1 | |
| GLPI-PROJECT GLPI | =0.71.1-rc2 | |
| GLPI-PROJECT GLPI | =0.71.1-rc3 | |
| GLPI-PROJECT GLPI | =0.71.2 | |
| GLPI-PROJECT GLPI | =0.71.3 | |
| GLPI-PROJECT GLPI | =0.71.4 | |
| GLPI-PROJECT GLPI | =0.71.5 | |
| GLPI-PROJECT GLPI | =0.71.6 | |
| GLPI-PROJECT GLPI | =0.72 | |
| GLPI-PROJECT GLPI | =0.72-rc1 | |
| GLPI-PROJECT GLPI | =0.72-rc2 | |
| GLPI-PROJECT GLPI | =0.72-rc3 | |
| GLPI-PROJECT GLPI | =0.72.1 | |
| GLPI-PROJECT GLPI | =0.72.2 | |
| GLPI-PROJECT GLPI | =0.72.3 | |
| GLPI-PROJECT GLPI | =0.72.4 | |
| GLPI-PROJECT GLPI | =0.78 | |
| GLPI-PROJECT GLPI | =0.78.1 | |
| GLPI-PROJECT GLPI | =0.78.2 | |
| GLPI-PROJECT GLPI | =0.78.3 | |
| GLPI-PROJECT GLPI | =0.78.4 | |
| GLPI-PROJECT GLPI | =0.78.5 | |
| GLPI-PROJECT GLPI | =0.80 | |
| GLPI-PROJECT GLPI | =0.80.1 | |
| GLPI-PROJECT GLPI | =0.80.2 | |
| GLPI-PROJECT GLPI | =0.80.3 | |
| GLPI-PROJECT GLPI | =0.80.4 | |
| GLPI-PROJECT GLPI | =0.80.5 | |
| GLPI-PROJECT GLPI | =0.80.6 | |
| GLPI-PROJECT GLPI | =0.80.7 | |
| GLPI-PROJECT GLPI | =0.80.61 | |
| GLPI-PROJECT GLPI | =0.83 | |
| GLPI-PROJECT GLPI | =0.83.1 | |
| GLPI-PROJECT GLPI | =0.83.2 | |
| GLPI-PROJECT GLPI | =0.83.3 | |
| GLPI-PROJECT GLPI | =0.83.4 | |
| GLPI-PROJECT GLPI | =0.83.5 | |
| GLPI-PROJECT GLPI | =0.83.6 | |
| GLPI-PROJECT GLPI | =0.83.7 | |
| GLPI-PROJECT GLPI | =0.83.8 | |
| GLPI-PROJECT GLPI | =0.83.9 | |
| GLPI-PROJECT GLPI | =0.83.31 | |
| GLPI-PROJECT GLPI | =0.83.91 | |
| GLPI-PROJECT GLPI | =0.84 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=308
- https://forge.indepnet.net/issues/4480
- https://forge.indepnet.net/projects/glpi/repository/revisions/21753
- https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php
- https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/event
- agent/tags
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/glpi-project
- canonical/glpi-project glpi
- version/glpi-project glpi/0.84.1
- version/glpi-project glpi/0.5
- version/glpi-project glpi/0.5-rc1
- version/glpi-project glpi/0.5-rc2
- version/glpi-project glpi/0.6
- version/glpi-project glpi/0.6-rc1
- version/glpi-project glpi/0.6-rc2
- version/glpi-project glpi/0.6-rc3
- version/glpi-project glpi/0.20
- version/glpi-project glpi/0.21
- version/glpi-project glpi/0.30
- version/glpi-project glpi/0.31
- version/glpi-project glpi/0.40
- version/glpi-project glpi/0.41
- version/glpi-project glpi/0.42
- version/glpi-project glpi/0.51
- version/glpi-project glpi/0.51a
- version/glpi-project glpi/0.65
- version/glpi-project glpi/0.65-rc1
- version/glpi-project glpi/0.65-rc2
- version/glpi-project glpi/0.68
- version/glpi-project glpi/0.68-rc1
- version/glpi-project glpi/0.68-rc2
- version/glpi-project glpi/0.68-rc3
- version/glpi-project glpi/0.68.1
- version/glpi-project glpi/0.68.2
- version/glpi-project glpi/0.68.3
- version/glpi-project glpi/0.70
- version/glpi-project glpi/0.70-rc1
- version/glpi-project glpi/0.70-rc2
- version/glpi-project glpi/0.70-rc3
- version/glpi-project glpi/0.70.1
- version/glpi-project glpi/0.70.2
- version/glpi-project glpi/0.71
- version/glpi-project glpi/0.71.1
- version/glpi-project glpi/0.71.1-rc1
- version/glpi-project glpi/0.71.1-rc2
- version/glpi-project glpi/0.71.1-rc3
- version/glpi-project glpi/0.71.2
- version/glpi-project glpi/0.71.3
- version/glpi-project glpi/0.71.4
- version/glpi-project glpi/0.71.5
- version/glpi-project glpi/0.71.6
- version/glpi-project glpi/0.72
- version/glpi-project glpi/0.72-rc1
- version/glpi-project glpi/0.72-rc2
- version/glpi-project glpi/0.72-rc3
- version/glpi-project glpi/0.72.1
- version/glpi-project glpi/0.72.2
- version/glpi-project glpi/0.72.3
- version/glpi-project glpi/0.72.4
- version/glpi-project glpi/0.78
- version/glpi-project glpi/0.78.1
- version/glpi-project glpi/0.78.2
- version/glpi-project glpi/0.78.3
- version/glpi-project glpi/0.78.4
- version/glpi-project glpi/0.78.5
- version/glpi-project glpi/0.80
- version/glpi-project glpi/0.80.1
- version/glpi-project glpi/0.80.2
- version/glpi-project glpi/0.80.3
- version/glpi-project glpi/0.80.4
- version/glpi-project glpi/0.80.5
- version/glpi-project glpi/0.80.6
- version/glpi-project glpi/0.80.7
- version/glpi-project glpi/0.80.61
- version/glpi-project glpi/0.83
- version/glpi-project glpi/0.83.1
- version/glpi-project glpi/0.83.2
- version/glpi-project glpi/0.83.3
- version/glpi-project glpi/0.83.4
- version/glpi-project glpi/0.83.5
- version/glpi-project glpi/0.83.6
- version/glpi-project glpi/0.83.7
- version/glpi-project glpi/0.83.8
- version/glpi-project glpi/0.83.9
- version/glpi-project glpi/0.83.31
- version/glpi-project glpi/0.83.91
- version/glpi-project glpi/0.84