Main Vulnerability Database Exploits ID:4011 - Exploit for Input validation error in GLPI - CVE-2013-2225

ID:4011 - Exploit for Input validation error in GLPI - CVE-2013-2225

Published: August 11, 2020

Vulnerability identifier: #VU41606

Vulnerability risk: Medium

CVE-ID: CVE-2013-2225

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
GLPI

Link to public exploit:

https://www.exploit-db.com/exploits/26530/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. Per: http://cwe.mitre.org/data/definitions/502.html "CWE-502: Deserialization of Untrusted Data"

Remediation

Install update from vendor's website.

ID:4011 - Exploit for Input validation error in GLPI - CVE-2013-2225

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human