CVE-2013-2225
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/05/2014
Last modified: 12/04/2025
Description
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
Impact
Base Score 2.0: 6.40
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* | 0.83.9 (including) | |
| cpe:2.3:a:glpi-project:glpi:0.5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.5:rc1:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.5:rc2:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.6:*:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.6:rc1:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.6:rc2:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.6:rc3:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.20:*:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.21:*:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.30:*:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.31:*:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.40:*:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.41:*:*:*:*:*:*:* | | |
| cpe:2.3:a:glpi-project:glpi:0.42:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://osvdb.org/94683
- http://seclists.org/oss-sec/2013/q2/626
- http://seclists.org/oss-sec/2013/q2/645
- http://www.exploit-db.com/exploits/26530
- http://www.securityfocus.com/bid/60823
- https://forge.indepnet.net/projects/glpi/repository/revisions/21169/diff



