| Field | Value |
|---|---|
| Short Name | HTTP:GLPI-INSTALLPHP-RCE |
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | GLPI install.php Script Arbitrary Command and SQL Injection |
| Release Date | 2013/11/25 |
| Update Number | 2322 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: GLPI install.php Script Arbitrary Command and SQL Injection
This signature detects attempts to exploit a known vulnerability in the GLPI web application. The vulnerability is due to insufficient validation of user-supplied input. Attackers can execute arbitrary commands or submit malicious SQL statements to the underlying database.
Extended Description
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Affected Products
- Glpi-project glpi 0.20
- Glpi-project glpi 0.21
- Glpi-project glpi 0.30
- Glpi-project glpi 0.31
- Glpi-project glpi 0.40
- Glpi-project glpi 0.41
- Glpi-project glpi 0.42
- Glpi-project glpi 0.5
- Glpi-project glpi 0.51
- Glpi-project glpi 0.51a
- Glpi-project glpi 0.6
- Glpi-project glpi 0.65
- Glpi-project glpi 0.68
- Glpi-project glpi 0.68.1
- Glpi-project glpi 0.68.2
- Glpi-project glpi 0.68.3
- Glpi-project glpi 0.70
- Glpi-project glpi 0.70.1
- Glpi-project glpi 0.70.2
- Glpi-project glpi 0.71
- Glpi-project glpi 0.71.1
- Glpi-project glpi 0.71.2
- Glpi-project glpi 0.71.3
- Glpi-project glpi 0.71.4
- Glpi-project glpi 0.71.5
- Glpi-project glpi 0.71.6
- Glpi-project glpi 0.72
- Glpi-project glpi 0.72.1
- Glpi-project glpi 0.72.2
- Glpi-project glpi 0.72.3
- Glpi-project glpi 0.72.4
- Glpi-project glpi 0.78
- Glpi-project glpi 0.78.1
- Glpi-project glpi 0.78.2
- Glpi-project glpi 0.78.3
- Glpi-project glpi 0.78.4
- Glpi-project glpi 0.78.5
- Glpi-project glpi 0.80
- Glpi-project glpi 0.80.1
- Glpi-project glpi 0.80.2
- Glpi-project glpi 0.80.3
- Glpi-project glpi 0.80.4
- Glpi-project glpi 0.80.5
- Glpi-project glpi 0.80.6
- Glpi-project glpi 0.80.61
- Glpi-project glpi 0.80.7
- Glpi-project glpi 0.83
- Glpi-project glpi 0.83.1
- Glpi-project glpi 0.83.2
- Glpi-project glpi 0.83.3
- Glpi-project glpi 0.83.31
- Glpi-project glpi 0.83.4
- Glpi-project glpi 0.83.5
- Glpi-project glpi 0.83.6
- Glpi-project glpi 0.83.7
- Glpi-project glpi 0.83.8
- Glpi-project glpi 0.83.9
- Glpi-project glpi 0.83.91
- Glpi-project glpi 0.84
- Glpi-project glpi 0.84.1