CVE-2013-2227
HIGHGLPI 0.83.7 - Local File Inclusion via common.tabs.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-2227. PoCs published by LiquidWorm.
AI-analyzed exploit summary This exploit demonstrates multiple error-based SQL injection vulnerabilities in GLPI v0.83.8. It includes proof-of-concept HTTP requests targeting specific parameters in different scripts, showing how unsanitized input can manipulate SQL queries.
Description
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
Exploits (1)
exploitdb
WORKING POC
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/26366
This exploit demonstrates multiple error-based SQL injection vulnerabilities in GLPI v0.83.8. It includes proof-of-concept HTTP requests targeting specific parameters in different scripts, showing how unsanitized input can manipulate SQL queries.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
GLPI v0.83.7 and v0.83.8
Auth required
Prerequisites:
Access to the application with valid session cookies · Network access to the target server
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2013-2227
Broken Link x_refsource_misc
https://access.redhat.com/security/cve/cve-2013-2227
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/06/30/10
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/60692
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/122087/GLPI-0.83.7-Parameter-Traversal-Arbitrary-File-Access.html
Scores
CVSS v3
7.5
EPSS
0.1298
EPSS Percentile
95.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (2)
debian/debian_linux
8.0
glpi-project/glpi
0.83.7
Published
Nov 01, 2019
Tracked Since
Feb 18, 2026