Bug #4480

Security fix - CVE-2013-5696

Added by webmyster almost 2 years ago. Updated almost 2 years ago.

Status: Closed
Start date: 09/09/2013
Priority: High
Due date:
Assignee: webmyster
% Done: 100%
Category: Install / Update
Target version: 0.84.2

Description

Fix: SQL Injection & PHP Code Execution

Navixia SA
CVE-2013-5696

High-Tech Bridge Security Research Lab
Advisory ID: HTB23173


Related issues

Related to GLPI-PROJECT - Task #4483: Review install process New 09/11/2013

Associated revisions

Revision 21707
Added by webmyster almost 2 years ago

Fix CSRF for install process (see #4480)

Revision 21708
Added by webmyster almost 2 years ago

[0.85] report previous (see #4480)

Revision 21709
Added by webmyster almost 2 years ago

[0.83] Report previous (see #4480)

Revision 21720
Added by webmyster almost 2 years ago

Use $_SESSION instead of $_POST during install (see #4480)

Revision 21721
Added by webmyster almost 2 years ago

[0.84] Use $_SESSION instead of $_POST during install (see #4480)

Revision 21722
Added by webmyster almost 2 years ago

[0.83] Use $_SESSION instead of $_POST during install (see #4480)

Revision 21732
Added by moyo almost 2 years ago

Protect url_base injection see #4480

Revision 21733
Added by moyo almost 2 years ago

[0.84] Protect url_base injection see #4480

Revision 21744
Added by moyo almost 2 years ago

[0.85] fix upgrade for rights + more work for #4480

Revision 21745
Added by moyo almost 2 years ago

more work for #4480

Revision 21746
Added by moyo almost 2 years ago

[0.85] more work for #4480

Revision 21747
Added by moyo almost 2 years ago

more work for #4480

Revision 21748
Added by moyo almost 2 years ago

[0.85] fix last see #4480 (moyo tired)

Revision 21749
Added by moyo almost 2 years ago

fix last see #4480 (moyo tired)

Revision 21750
Added by moyo almost 2 years ago

[0.85] more security check see #4480

Revision 21751
Added by moyo almost 2 years ago

more security check see #4480

Revision 21752
Added by moyo almost 2 years ago

[0.85] add warning see #4480

Revision 21753
Added by moyo almost 2 years ago

add warning see #4480

History

#1 Updated by webmyster almost 2 years ago

  • % Done changed from 0 to 50

Jobs done for 0.83, 0.84 and 0.85. Don't know how to integrate for previous version (CSRF is missing).

#2 Updated by moyo almost 2 years ago

  • Target version set to 0.84.2

#3 Updated by moyo almost 2 years ago

  • Category changed from DB Scheme to Install / Update

#4 Updated by webmyster almost 2 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 50 to 100

#5 Updated by moyo almost 2 years ago

  • Subject changed from CVE-2013-5696: security fix (CSRF for install process) to CVE-2013-5696: security fix

#6 Updated by jmd almost 2 years ago

  • Subject changed from CVE-2013-5696: security fix to Security fix

#7 Updated by jmd almost 2 years ago

  • Subject changed from Security fix to Security fix - CVE-2013-5696

#8 Updated by moyo almost 2 years ago

  • Status changed from Resolved to Closed
