Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[9.1.5] SQL injection in ajax/common.tabs.php #2475

Closed
AceSec opened this issue Jul 18, 2017 · 2 comments
Closed

[9.1.5] SQL injection in ajax/common.tabs.php #2475

AceSec opened this issue Jul 18, 2017 · 2 comments
Labels
security
Milestone
9.1.6

Comments

@AceSec
Copy link

AceSec commented Jul 18, 2017

ji.xu@dbappsecurity.com.cn

I have send the detail of "SQL injection in ajax/common.tabs.php" to your email. Please check.
@orthagh
Copy link
Contributor

orthagh commented Jul 19, 2017

Thank for your report, the issue is adressed and will be fixed in the next release

orthagh added a commit to orthagh/glpi that referenced this issue Jul 19, 2017
@orthagh
ensure crit is an integer; fix glpi-project#2475
9619f02
@orthagh orthagh mentioned this issue Jul 19, 2017
Merged
orthagh added a commit that referenced this issue Jul 19, 2017
@orthagh
S fixes (#2481)
a6c453a 
* ensure condition rule field is an integer; fix #2476

* ensure crit is an integer; fix #2475
@orthagh orthagh added this to the 9.1.5.1 milestone Jul 19, 2017
@AceSec
Copy link
Author

AceSec commented Jul 20, 2017

The CVE-ID of this vulnerability is CVE-2017-11474.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
9.1.6
Development

No branches or pull requests
2 participants
@orthagh @AceSec