CVE-2013-2226

GLPI < 0.83.9 - SQL Injection via users_id_assign, filename, or table Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2226.

AI-analyzed exploit summary This is a detailed technical writeup of CVE-2013-2226, which describes multiple error-based SQL injection vulnerabilities in GLPI v0.83.8. The analysis includes vulnerable code snippets, SQL error messages, and HTTP request examples demonstrating the exploitation vectors.

Description

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/26366

This is a detailed technical writeup of CVE-2013-2226, which describes multiple error-based SQL injection vulnerabilities in GLPI v0.83.8. The analysis includes vulnerable code snippets, SQL error messages, and HTTP request examples demonstrating the exploitation vectors.

Classification
Writeup 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: GLPI v0.83.7 and v0.83.8
Auth required
Prerequisites: Access to authenticated sessions · Ability to send crafted POST requests
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Scores

EPSS 0.0277
EPSS Percentile 84.4%

Details

CWE
CWE-89
Status published
Products (10)
glpi-project/glpi 0.83
glpi-project/glpi 0.83.1
glpi-project/glpi 0.83.2
glpi-project/glpi 0.83.3
glpi-project/glpi 0.83.4
glpi-project/glpi 0.83.5
glpi-project/glpi 0.83.6
glpi-project/glpi 0.83.7
glpi-project/glpi 0.83.31
glpi-project/glpi < 0.83.8
Published May 14, 2014
Tracked Since Feb 18, 2026