CVE-2012-1037

GLPI 0.78-0.80.61 - Authenticated Remote Code Execution via sub_type Parameter

Title source: llm

Description

PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.

References (5)

Core 5

Core References

Various Sources x_refsource_confirm

https://forge.indepnet.net/projects/glpi/versions/685

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2012:016

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2012/Feb/157

Issue Tracking x_refsource_confirm

https://forge.indepnet.net/issues/3338

Various Sources x_refsource_confirm

https://forge.indepnet.net/projects/glpi/repository/revisions/17457/diff/branches/0.80-bugfixes/front/popup.php

Scores

EPSS 0.0061

EPSS Percentile 69.9%

Details

CWE

CWE-94

Status published

Products (14)

glpi-project/glpi 0.78

glpi-project/glpi 0.78.1

glpi-project/glpi 0.78.2

glpi-project/glpi 0.78.3

glpi-project/glpi 0.78.4

glpi-project/glpi 0.78.5

glpi-project/glpi 0.80

glpi-project/glpi 0.80.1

glpi-project/glpi 0.80.2

glpi-project/glpi 0.80.3

... and 4 more

Published Jul 12, 2012

Tracked Since Feb 18, 2026