SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
References
Configurations
History
21 Nov 2024, 02:20
Type | Values Removed | Values Added |
---|---|---|
References | () http://advisories.mageia.org/MGASA-2015-0017.html - | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147271.html - | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147296.html - | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147313.html - | |
References | () http://osvdb.org/show/osvdb/115957 - | |
References | () http://secunia.com/advisories/61367 - | |
References | () http://security.szurek.pl/glpi-085-blind-sql-injection.html - Exploit | |
References | () http://www.exploit-db.com/exploits/35528 - Exploit | |
References | () http://www.glpi-project.org/spip.php?page=annonce&id_breve=334&lang=en - Patch, Vendor Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2015:167 - |
Information
Published : 2014-12-19 15:59
Updated : 2024-11-21 02:20
NVD link : CVE-2014-9258
Mitre link : CVE-2014-9258
CVE.ORG link : CVE-2014-9258
JSON object : View
Products Affected
glpi-project
- glpi
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')