CVE-2013-5696

Glpi < 0.84.1 - CSRF

Title source: rule

Description

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.

Exploits (3)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/28685

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/28483

View Code ZIP pw:eip

metasploit WORKING POC MANUAL

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/glpi_install_rce.rb

View Code ZIP pw:eip

References (5)

[Patch] https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php

[Issue Tracking] https://forge.indepnet.net/issues/4480

[Patch] https://forge.indepnet.net/projects/glpi/repository/revisions/21753

[Exploit] https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html

[Patch] http://www.glpi-project.org/spip.php?page=annonce&id_breve=308

Scores

EPSS 0.6395

EPSS Percentile 98.4%

Details

CWE

CWE-352

Status published

Products (31)

glpi-project/glpi 0.5 (3 CPE variants)

glpi-project/glpi 0.6 (4 CPE variants)

glpi-project/glpi 0.20

glpi-project/glpi 0.21

glpi-project/glpi 0.30

glpi-project/glpi 0.31

glpi-project/glpi 0.40

glpi-project/glpi 0.41

glpi-project/glpi 0.42

glpi-project/glpi 0.51

... and 21 more

Published Sep 23, 2013

Tracked Since Feb 18, 2026