CVE-2018-13049

Опубликовано: 02 июл. 2018

Источник: debian

Описание

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
glpi	removed			package

Примечания

https://github.com/glpi-project/glpi/issues/4270
https://github.com/trasher/glpi/commit/5c58d4c57be7b1e0c1de925b97f22d4468291d41
Only supported behind an authenticated HTTP zone

Связанные уязвимости

CVE-2018-13049

CVSS3: 8.8

ubuntu

больше 7 лет назад

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.

CVE-2018-13049

CVSS3: 8.8

nvd

больше 7 лет назад

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.

GHSA-jv6v-v4cc-m777

CVSS3: 8.8

github

больше 3 лет назад

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.