Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

Published

2014-05-27T14:55:09.930

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	glpi-project	glpi	≤ 0.83.9	Yes
Application	glpi-project	glpi	0.5	Yes
Application	glpi-project	glpi	0.5	Yes
Application	glpi-project	glpi	0.5	Yes
Application	glpi-project	glpi	0.6	Yes
Application	glpi-project	glpi	0.6	Yes
Application	glpi-project	glpi	0.6	Yes
Application	glpi-project	glpi	0.6	Yes
Application	glpi-project	glpi	0.20	Yes
Application	glpi-project	glpi	0.21	Yes
Application	glpi-project	glpi	0.30	Yes
Application	glpi-project	glpi	0.31	Yes
Application	glpi-project	glpi	0.40	Yes
Application	glpi-project	glpi	0.41	Yes
Application	glpi-project	glpi	0.42	Yes
Application	glpi-project	glpi	0.51	Yes
Application	glpi-project	glpi	0.51a	Yes
Application	glpi-project	glpi	0.65	Yes
Application	glpi-project	glpi	0.65	Yes
Application	glpi-project	glpi	0.65	Yes
Application	glpi-project	glpi	0.68	Yes
Application	glpi-project	glpi	0.68	Yes
Application	glpi-project	glpi	0.68	Yes
Application	glpi-project	glpi	0.68	Yes
Application	glpi-project	glpi	0.68.1	Yes
Application	glpi-project	glpi	0.68.2	Yes
Application	glpi-project	glpi	0.68.3	Yes
Application	glpi-project	glpi	0.70	Yes
Application	glpi-project	glpi	0.70	Yes
Application	glpi-project	glpi	0.70	Yes
Application	glpi-project	glpi	0.70	Yes
Application	glpi-project	glpi	0.70.1	Yes
Application	glpi-project	glpi	0.70.2	Yes
Application	glpi-project	glpi	0.71	Yes
Application	glpi-project	glpi	0.71.1	Yes
Application	glpi-project	glpi	0.71.1	Yes
Application	glpi-project	glpi	0.71.1	Yes
Application	glpi-project	glpi	0.71.1	Yes
Application	glpi-project	glpi	0.71.2	Yes
Application	glpi-project	glpi	0.71.3	Yes
Application	glpi-project	glpi	0.71.4	Yes
Application	glpi-project	glpi	0.71.5	Yes
Application	glpi-project	glpi	0.71.6	Yes
Application	glpi-project	glpi	0.72	Yes
Application	glpi-project	glpi	0.72	Yes
Application	glpi-project	glpi	0.72	Yes
Application	glpi-project	glpi	0.72	Yes
Application	glpi-project	glpi	0.72.1	Yes
Application	glpi-project	glpi	0.72.2	Yes
Application	glpi-project	glpi	0.72.3	Yes
Application	glpi-project	glpi	0.72.4	Yes
Application	glpi-project	glpi	0.78	Yes
Application	glpi-project	glpi	0.78.1	Yes
Application	glpi-project	glpi	0.78.2	Yes
Application	glpi-project	glpi	0.78.3	Yes
Application	glpi-project	glpi	0.78.4	Yes
Application	glpi-project	glpi	0.78.5	Yes
Application	glpi-project	glpi	0.80	Yes
Application	glpi-project	glpi	0.80.1	Yes
Application	glpi-project	glpi	0.80.2	Yes
Application	glpi-project	glpi	0.80.3	Yes
Application	glpi-project	glpi	0.80.4	Yes
Application	glpi-project	glpi	0.80.5	Yes
Application	glpi-project	glpi	0.80.6	Yes
Application	glpi-project	glpi	0.80.7	Yes
Application	glpi-project	glpi	0.80.61	Yes
Application	glpi-project	glpi	0.83	Yes
Application	glpi-project	glpi	0.83.1	Yes
Application	glpi-project	glpi	0.83.2	Yes
Application	glpi-project	glpi	0.83.3	Yes
Application	glpi-project	glpi	0.83.4	Yes
Application	glpi-project	glpi	0.83.5	Yes
Application	glpi-project	glpi	0.83.6	Yes
Application	glpi-project	glpi	0.83.7	Yes
Application	glpi-project	glpi	0.83.8	Yes
Application	glpi-project	glpi	0.83.31	Yes

References

http://osvdb.org/94683 ([email protected])
http://seclists.org/oss-sec/2013/q2/626 ([email protected])
http://seclists.org/oss-sec/2013/q2/645 ([email protected])
http://www.exploit-db.com/exploits/26530 Exploit ([email protected])
http://www.securityfocus.com/bid/60823 ([email protected])
https://forge.indepnet.net/projects/glpi/repository/revisions/21169/diff Exploit, Patch ([email protected])
http://osvdb.org/94683 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2013/q2/626 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2013/q2/645 (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/26530 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/60823 (af854a3a-2127-422b-91ae-364da2661108)
https://forge.indepnet.net/projects/glpi/repository/revisions/21169/diff Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)