Bug #4480

Security fix - CVE-2013-5696

Added by webmyster 8 months ago. Updated 7 months ago.

Status: Closed
Start date: 09/09/2013
Priority: High
Due date:
Assignee: webmyster
% Done: 100%
Category: Install / Update
Target version: 0.84.2

Description

Fix: SQL Injection & PHP Code Execution

Navixia SA
CVE-2013-5696

High-Tech Bridge Security Research Lab
Advisory ID: HTB23173


Related issues

related to GLPI-PROJECT - Task #4483: Review install process New 09/11/2013

Associated revisions

Revision 21707
Added by webmyster 8 months ago

Fix CSRF for install process (see #4480)

Revision 21708
Added by webmyster 8 months ago

[0.85] report previous (see #4480)

Revision 21709
Added by webmyster 8 months ago

[0.83] Report previous (see #4480)

Revision 21720
Added by webmyster 7 months ago

Use $_SESSION instead of $_POST during install (see #4480)

Revision 21721
Added by webmyster 7 months ago

[0.84] Use $_SESSION instead of $_POST during install (see #4480)

Revision 21722
Added by webmyster 7 months ago

[0.83] Use $_SESSION instead of $_POST during install (see #4480)

Revision 21732
Added by moyo 7 months ago

Protect url_base injection see #4480

Revision 21733
Added by moyo 7 months ago

[0.84] Protect url_base injection see #4480

Revision 21744
Added by moyo 7 months ago

[0.85] fix upgrade for rights + more work for #4480

Revision 21745
Added by moyo 7 months ago

more work for #4480

Revision 21746
Added by moyo 7 months ago

[0.85] more work for #4480

Revision 21747
Added by moyo 7 months ago

more work for #4480

Revision 21748
Added by moyo 7 months ago

[0.85] fix last see #4480 (moyo tired)

Revision 21749
Added by moyo 7 months ago

fix last see #4480 (moyo tired)

Revision 21750
Added by moyo 7 months ago

[0.85] more security check see #4480

Revision 21751
Added by moyo 7 months ago

more security check see #4480

Revision 21752
Added by moyo 7 months ago

[0.85] add warning see #4480

Revision 21753
Added by moyo 7 months ago

add warning see #4480

History

Updated by webmyster 8 months ago

  • % Done changed from 0 to 50

Jobs done for 0.83, 0.84 and 0.85. Don't know how to integrate for previous version (CSRF is missing).

Updated by moyo 8 months ago

  • Target version set to 0.84.2

Updated by moyo 7 months ago

  • Category changed from DB Scheme to Install / Update

Updated by webmyster 7 months ago

  • Status changed from Assigned to Resolved
  • % Done changed from 50 to 100

Updated by moyo 7 months ago

  • Subject changed from CVE-2013-5696: security fix (CSRF for install process) to CVE-2013-5696: security fix

Updated by jmd 7 months ago

  • Subject changed from CVE-2013-5696: security fix to Security fix

Updated by jmd 7 months ago

  • Subject changed from Security fix to Security fix - CVE-2013-5696

Updated by moyo 7 months ago

  • Status changed from Resolved to Closed
