Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2225 — Glpi vulnerability

4 documents4 sources

Severity

6.4MEDIUMNVD

EPSS

12.3%

top 6.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Glpi-project Glpi

Timeline

PublishedMay 27

Latest updateMay 17

Description

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶Ubuntuglpi-project/glpi< 0.84.3+dfsg.1-1

▶NVDglpi-project/glpi0.83.9+56

Patches

Patch: forge.indepnet.net ↗Patch: forge.indepnet.net ↗

🔴Vulnerability Details

GHSA

GHSA-59pp-p9gx-7j93: inc/ticket↗2022-05-17

▶

OSV

CVE-2013-2225: inc/ticket↗2014-05-27

▶

💥Exploits & PoCs

Exploit-DB

GLPI 0.83.9 - 'Unserialize()' Remote Code Execution↗2013-07-01

▶