CVE-2012-1037 — Code Injection in Glpi

CWE-94 — Code Injection4 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 30.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedJul 12

Latest updateMay 17

Description

PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDglpi-project/glpi14 versions+13

🔴Vulnerability Details

GHSA

GHSA-w885-g67j-xwcg: PHP remote file inclusion vulnerability in front/popup↗2022-05-17

▶

💬Community

Bugzilla

CVE-2012-1037 glpi 0.80.6 sub_type parameter local and remote file include and execution [fedora-all]↗2012-02-11

▶

Bugzilla

CVE-2012-1037 glpi 0.80.6 sub_type parameter local and remote file include and execution↗2012-02-11

▶