cbcvebase.
CVE-2013-2225
published 2014-05-27

CVE-2013-2225: inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to…

PriorityP350medium6.4CVSS 2.0
AVNACLAuNCNIPAP
EXPLOIT
EPSS
7.56%
93.8th percentile
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

Affected

58 ranges· showing 25
VendorProductVersion rangeFixed in
glpi-projectglpi<= 0.83.9
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi
glpi-projectglpi

CVSS provenance

nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
osv6.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.