CVE-2013-2225
Published 2014-05-27
Priority: P350 · medium · 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 7.56% (93.8th percentile)
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
Affected
58 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glpi-project | glpi | <= 0.83.9 | — |
CVSS provenance
nvd · v2.0 · 6.4 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:P
osv · 6.4 · MEDIUM
GHSA
GHSA-59pp-p9gx-7j93: inc/ticket
ghsa_unreviewed · 2022-05-17
CVE-2013-2225 [MEDIUM] GHSA-59pp-p9gx-7j93: inc/ticket
OSV
CVE-2013-2225: inc/ticket
osv · 2014-05-27 · CVSS 6.4
CVE-2013-2225 [MEDIUM] CVE-2013-2225: inc/ticket
No detection rules found.
No writeups or analysis indexed.
References
http://osvdb.org/94683
http://seclists.org/oss-sec/2013/q2/626
http://seclists.org/oss-sec/2013/q2/645
http://www.exploit-db.com/exploits/26530
http://www.securityfocus.com/bid/60823
https://forge.indepnet.net/projects/glpi/repository/revisions/21169/diff
Published: 2014-05-27