CVE-2013-2226
Glpi < 0.83.8 - SQL Injection
Title source: ruleDescription
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.
Exploits (1)
Scores
EPSS
0.0259
EPSS Percentile
85.7%
Details
CWE
CWE-89
Status
published
Products (10)
glpi-project/glpi
0.83
glpi-project/glpi
0.83.1
glpi-project/glpi
0.83.2
glpi-project/glpi
0.83.3
glpi-project/glpi
0.83.4
glpi-project/glpi
0.83.5
glpi-project/glpi
0.83.6
glpi-project/glpi
0.83.7
glpi-project/glpi
0.83.31
glpi-project/glpi
< 0.83.8
Published
May 14, 2014
Tracked Since
Feb 18, 2026