|
|
|||
| Rule General Information |
|---|
| Release Date: | 2014-01-14 | |
| Rule Name: | GLPI Install.php Remote Command Execution Vulnerability -1 (CVE-2013-5696) | |
| Severity: | Medium | |
| CVE ID: | CVE-2013-5696 | |
| Rule Protection Details |
|---|
| Description: | inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Other Unix, Linux | |
| Reference: | http://www.glpi-project.org/spip.php?page=annonce&id_breve=308 https://forge.indepnet.net/issues/4480 https://forge.indepnet.net/projects/glpi/repository/revisions/21753 |
|
| Solutions |
|---|
| The vendor has updated advisory on its official website. Please check it for more information. |