Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-5696

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.

Published

2013-09-23T03:49:27.943

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	glpi-project	glpi	≤ 0.84.1	Yes
Application	glpi-project	glpi	0.5	Yes
Application	glpi-project	glpi	0.5	Yes
Application	glpi-project	glpi	0.5	Yes
Application	glpi-project	glpi	0.6	Yes
Application	glpi-project	glpi	0.6	Yes
Application	glpi-project	glpi	0.6	Yes
Application	glpi-project	glpi	0.6	Yes
Application	glpi-project	glpi	0.20	Yes
Application	glpi-project	glpi	0.21	Yes
Application	glpi-project	glpi	0.30	Yes
Application	glpi-project	glpi	0.31	Yes
Application	glpi-project	glpi	0.40	Yes
Application	glpi-project	glpi	0.41	Yes
Application	glpi-project	glpi	0.42	Yes
Application	glpi-project	glpi	0.51	Yes
Application	glpi-project	glpi	0.51a	Yes
Application	glpi-project	glpi	0.65	Yes
Application	glpi-project	glpi	0.65	Yes
Application	glpi-project	glpi	0.65	Yes
Application	glpi-project	glpi	0.68	Yes
Application	glpi-project	glpi	0.68	Yes
Application	glpi-project	glpi	0.68	Yes
Application	glpi-project	glpi	0.68	Yes
Application	glpi-project	glpi	0.68.1	Yes
Application	glpi-project	glpi	0.68.2	Yes
Application	glpi-project	glpi	0.68.3	Yes
Application	glpi-project	glpi	0.70	Yes
Application	glpi-project	glpi	0.70	Yes
Application	glpi-project	glpi	0.70	Yes
Application	glpi-project	glpi	0.70	Yes
Application	glpi-project	glpi	0.70.1	Yes
Application	glpi-project	glpi	0.70.2	Yes
Application	glpi-project	glpi	0.71	Yes
Application	glpi-project	glpi	0.71.1	Yes
Application	glpi-project	glpi	0.71.1	Yes
Application	glpi-project	glpi	0.71.1	Yes
Application	glpi-project	glpi	0.71.1	Yes
Application	glpi-project	glpi	0.71.2	Yes
Application	glpi-project	glpi	0.71.3	Yes
Application	glpi-project	glpi	0.71.4	Yes
Application	glpi-project	glpi	0.71.5	Yes
Application	glpi-project	glpi	0.71.6	Yes
Application	glpi-project	glpi	0.72	Yes
Application	glpi-project	glpi	0.72	Yes
Application	glpi-project	glpi	0.72	Yes
Application	glpi-project	glpi	0.72	Yes
Application	glpi-project	glpi	0.72.1	Yes
Application	glpi-project	glpi	0.72.2	Yes
Application	glpi-project	glpi	0.72.3	Yes
Application	glpi-project	glpi	0.72.4	Yes
Application	glpi-project	glpi	0.78	Yes
Application	glpi-project	glpi	0.78.1	Yes
Application	glpi-project	glpi	0.78.2	Yes
Application	glpi-project	glpi	0.78.3	Yes
Application	glpi-project	glpi	0.78.4	Yes
Application	glpi-project	glpi	0.78.5	Yes
Application	glpi-project	glpi	0.80	Yes
Application	glpi-project	glpi	0.80.1	Yes
Application	glpi-project	glpi	0.80.2	Yes
Application	glpi-project	glpi	0.80.3	Yes
Application	glpi-project	glpi	0.80.4	Yes
Application	glpi-project	glpi	0.80.5	Yes
Application	glpi-project	glpi	0.80.6	Yes
Application	glpi-project	glpi	0.80.7	Yes
Application	glpi-project	glpi	0.80.61	Yes
Application	glpi-project	glpi	0.83	Yes
Application	glpi-project	glpi	0.83.1	Yes
Application	glpi-project	glpi	0.83.2	Yes
Application	glpi-project	glpi	0.83.3	Yes
Application	glpi-project	glpi	0.83.4	Yes
Application	glpi-project	glpi	0.83.5	Yes
Application	glpi-project	glpi	0.83.6	Yes
Application	glpi-project	glpi	0.83.7	Yes
Application	glpi-project	glpi	0.83.8	Yes
Application	glpi-project	glpi	0.83.9	Yes
Application	glpi-project	glpi	0.83.31	Yes
Application	glpi-project	glpi	0.83.91	Yes
Application	glpi-project	glpi	0.84	Yes

References

http://www.glpi-project.org/spip.php?page=annonce&id_breve=308 Patch ([email protected])
https://forge.indepnet.net/issues/4480 ([email protected])
https://forge.indepnet.net/projects/glpi/repository/revisions/21753 Patch ([email protected])
https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php Patch ([email protected])
https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html Exploit ([email protected])
http://www.glpi-project.org/spip.php?page=annonce&id_breve=308 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://forge.indepnet.net/issues/4480 (af854a3a-2127-422b-91ae-364da2661108)
https://forge.indepnet.net/projects/glpi/repository/revisions/21753 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html Exploit (af854a3a-2127-422b-91ae-364da2661108)