Vulnerabilities > CVE-2013-2225 - Remote PHP Code Execution vulnerability in GLPI 'unserialize()' Function

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

glpi-project

nessus

exploit available

NVD

Published: 2014-05-27

Updated: 2014-05-28

Summary

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. Per: http://cwe.mitre.org/data/definitions/502.html "CWE-502: Deserialization of Untrusted Data"

Vulnerable Configurations

Part	Description	Count
Application	Glpi-Project Glpi Project Glpi 0.5 Glpi Project Glpi 0.6 Glpi Project Glpi 0.20 Glpi Project Glpi 0.21 Glpi Project Glpi 0.30 Glpi Project Glpi 0.31 Glpi Project Glpi 0.40 Glpi Project Glpi 0.41 Glpi Project Glpi 0.42 Glpi Project Glpi 0.51 Glpi Project Glpi 0.51A Glpi Project Glpi 0.65 Glpi Project Glpi 0.68 Glpi Project Glpi 0.68.1 Glpi Project Glpi 0.68.2 Glpi Project Glpi 0.68.3 Glpi Project Glpi 0.70 Glpi Project Glpi 0.70.1 Glpi Project Glpi 0.70.2 Glpi Project Glpi 0.71 Glpi Project Glpi 0.71.1 Glpi Project Glpi 0.71.2 Glpi Project Glpi 0.71.3 Glpi Project Glpi 0.71.4 Glpi Project Glpi 0.71.5 Glpi Project Glpi 0.71.6 Glpi Project Glpi 0.72 Glpi Project Glpi 0.72.1 Glpi Project Glpi 0.72.2 Glpi Project Glpi 0.72.3 Glpi Project Glpi 0.72.4 Glpi Project Glpi 0.78 Glpi Project Glpi 0.78.1 Glpi Project Glpi 0.78.2 Glpi Project Glpi 0.78.3 Glpi Project Glpi 0.78.4 Glpi Project Glpi 0.78.5 Glpi Project Glpi 0.80 Glpi Project Glpi 0.80.1 Glpi Project Glpi 0.80.2 Glpi Project Glpi 0.80.3 Glpi Project Glpi 0.80.4 Glpi Project Glpi 0.80.5 Glpi Project Glpi 0.80.6 Glpi Project Glpi 0.80.7 Glpi Project Glpi 0.80.61 Glpi Project Glpi 0.83 Glpi Project Glpi 0.83.1 Glpi Project Glpi 0.83.2 Glpi Project Glpi 0.83.3 Glpi Project Glpi 0.83.4 Glpi Project Glpi 0.83.5 Glpi Project Glpi 0.83.6 Glpi Project Glpi 0.83.7 Glpi Project Glpi 0.83.8 Glpi Project Glpi 0.20.1 Glpi Project Glpi 0.50 Glpi Project Glpi 0.60 Glpi Project Glpi 0.68.3-2 Glpi Project Glpi 0.72.21 Glpi Project Glpi 0.83.9 Glpi Project Glpi 0.83.31	82

Exploit-Db

description	GLPI 0.83.9 - 'unserialize()' Function Remote Code Execution Vulnerability. CVE-2013-2225. Webapps exploit for php platform
file	exploits/php/webapps/26530.txt
id	EDB-ID:26530
last seen	2016-02-03
modified	2013-07-01
platform	php
port
published	2013-07-01
reporter	Xavier Mehrenberger
source	https://www.exploit-db.com/download/26530/
title	GLPI 0.83.9 - 'unserialize' Function Remote Code Execution Vulnerability
type	webapps

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-11396.NASL
description	Upstream changelog : - Bug #4306: Notification on delete document - Bug #4308: Knowbase : encoding issue to clean search - Bug #4309: Items disappear when you click in tabscrollermenu (vertical list of tabs) - Bug #4310: Password with < or > - Bug #4313: Search problem on tab group view in central - Bug #4329: Task status in notification - Bug #4332: CronAlertNotClosed : problem of sending after X days : date control error - Bug #4341: Problem user notification edition - Bug #4348: Recursivity for license in search engine - Bug #4352: Entity alert bug - Bug #4355: avoid
last seen	2020-03-17
modified	2013-07-12
plugin id	67307
published	2013-07-12
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67307
title	Fedora 18 : glpi-0.83.9.1-1.fc18 (2013-11396)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-11396. # include("compat.inc"); if (description) { script_id(67307); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_bugtraq_id(60692, 60693, 60823); script_xref(name:"FEDORA", value:"2013-11396"); script_name(english:"Fedora 18 : glpi-0.83.9.1-1.fc18 (2013-11396)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Upstream changelog : - Bug #4306: Notification on delete document - Bug #4308: Knowbase : encoding issue to clean search - Bug #4309: Items disappear when you click in tabscrollermenu (vertical list of tabs) - Bug #4310: Password with < or > - Bug #4313: Search problem on tab group view in central - Bug #4329: Task status in notification - Bug #4332: CronAlertNotClosed : problem of sending after X days : date control error - Bug #4341: Problem user notification edition - Bug #4348: Recursivity for license in search engine - Bug #4352: Entity alert bug - Bug #4355: avoid 'Mailbox is empty' with mail collector - Bug #4367: Cannot use as default view a public bookmark - Bug #4372: CVE-2013-2226 Security : filtering REQUEST as POST and GET - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security fix ( serialize + filter classname for autoload) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110788.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?28f99aba" ); script_set_attribute(attribute:"solution", value:"Update the affected glpi package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glpi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"glpi-0.83.9.1-1.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glpi"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-11315.NASL
description	Upstream changelog : - Bug #4306: Notification on delete document - Bug #4308: Knowbase : encoding issue to clean search - Bug #4309: Items disappear when you click in tabscrollermenu (vertical list of tabs) - Bug #4310: Password with < or > - Bug #4313: Search problem on tab group view in central - Bug #4329: Task status in notification - Bug #4332: CronAlertNotClosed : problem of sending after X days : date control error - Bug #4341: Problem user notification edition - Bug #4348: Recursivity for license in search engine - Bug #4352: Entity alert bug - Bug #4355: avoid
last seen	2020-03-17
modified	2013-07-12
plugin id	67305
published	2013-07-12
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67305
title	Fedora 19 : glpi-0.83.9.1-1.fc19 (2013-11315)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-11315. # include("compat.inc"); if (description) { script_id(67305); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_bugtraq_id(60692, 60693, 60823); script_xref(name:"FEDORA", value:"2013-11315"); script_name(english:"Fedora 19 : glpi-0.83.9.1-1.fc19 (2013-11315)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Upstream changelog : - Bug #4306: Notification on delete document - Bug #4308: Knowbase : encoding issue to clean search - Bug #4309: Items disappear when you click in tabscrollermenu (vertical list of tabs) - Bug #4310: Password with < or > - Bug #4313: Search problem on tab group view in central - Bug #4329: Task status in notification - Bug #4332: CronAlertNotClosed : problem of sending after X days : date control error - Bug #4341: Problem user notification edition - Bug #4348: Recursivity for license in search engine - Bug #4352: Entity alert bug - Bug #4355: avoid 'Mailbox is empty' with mail collector - Bug #4367: Cannot use as default view a public bookmark - Bug #4372: CVE-2013-2226 Security : filtering REQUEST as POST and GET - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security fix ( serialize + filter classname for autoload) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110621.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b74cac6f" ); script_set_attribute(attribute:"solution", value:"Update the affected glpi package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glpi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"glpi-0.83.9.1-1.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glpi"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2013-240.NASL
description	Updated glpi package fixes security vulnerabilities : Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 (CVE-2013-2226), 0.83.91 (CVE-2013-2225), and 0.84.2 (CVE-2013-5696). This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	70132
published	2013-09-26
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/70132
title	Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:240. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(70132); script_version("1.6"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2013-2225", "CVE-2013-2226", "CVE-2013-5696"); script_xref(name:"MDVSA", value:"2013:240"); script_name(english:"Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated glpi package fixes security vulnerabilities : Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 (CVE-2013-2226), 0.83.91 (CVE-2013-2225), and 0.84.2 (CVE-2013-5696). This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2013-0288.html" ); script_set_attribute(attribute:"solution", value:"Update the affected glpi package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"GLPI 0.84.1 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'GLPI install.php Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glpi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", reference:"glpi-0.83.91-1.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-11413.NASL
description	Upstream changelog : - Bug #4306: Notification on delete document - Bug #4308: Knowbase : encoding issue to clean search - Bug #4309: Items disappear when you click in tabscrollermenu (vertical list of tabs) - Bug #4310: Password with < or > - Bug #4313: Search problem on tab group view in central - Bug #4329: Task status in notification - Bug #4332: CronAlertNotClosed : problem of sending after X days : date control error - Bug #4341: Problem user notification edition - Bug #4348: Recursivity for license in search engine - Bug #4352: Entity alert bug - Bug #4355: avoid
last seen	2020-03-17
modified	2013-07-12
plugin id	67310
published	2013-07-12
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67310
title	Fedora 17 : glpi-0.83.9.1-1.fc17 (2013-11413)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-11413. # include("compat.inc"); if (description) { script_id(67310); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_xref(name:"FEDORA", value:"2013-11413"); script_name(english:"Fedora 17 : glpi-0.83.9.1-1.fc17 (2013-11413)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Upstream changelog : - Bug #4306: Notification on delete document - Bug #4308: Knowbase : encoding issue to clean search - Bug #4309: Items disappear when you click in tabscrollermenu (vertical list of tabs) - Bug #4310: Password with < or > - Bug #4313: Search problem on tab group view in central - Bug #4329: Task status in notification - Bug #4332: CronAlertNotClosed : problem of sending after X days : date control error - Bug #4341: Problem user notification edition - Bug #4348: Recursivity for license in search engine - Bug #4352: Entity alert bug - Bug #4355: avoid 'Mailbox is empty' with mail collector - Bug #4367: Cannot use as default view a public bookmark - Bug #4372: CVE-2013-2226 Security : filtering REQUEST as POST and GET - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security fix ( serialize + filter classname for autoload) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110794.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?439915a2" ); script_set_attribute(attribute:"solution", value:"Update the affected glpi package."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glpi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"glpi-0.83.9.1-1.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glpi"); }

Packetstorm

data source	https://packetstormsecurity.com/files/download/122242/glpi-exec.txt
id	PACKETSTORM:122242
last seen	2016-12-05
published	2013-07-01
reporter	Packet Storm
source	https://packetstormsecurity.com/files/122242/GLPI-0.83.9-Code-Execution.html
title	GLPI 0.83.9 Code Execution

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Packetstorm

References