Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[9.1.5] SQL injection in front/rulesengine.test.php #2476

Closed
AceSec opened this issue Jul 18, 2017 · 3 comments
Closed

[9.1.5] SQL injection in front/rulesengine.test.php #2476

AceSec opened this issue Jul 18, 2017 · 3 comments
Labels
Milestone

Comments

@AceSec
Copy link

@AceSec AceSec commented Jul 18, 2017

ji.xu@dbappsecurity.com.cn

I have send the detail of "SQL injection in front/rulesengine.test.php" to your email. Please check.

orthagh added a commit to orthagh/glpi that referenced this issue Jul 19, 2017
@orthagh orthagh mentioned this issue Jul 19, 2017
orthagh added a commit that referenced this issue Jul 19, 2017
* ensure condition rule field is an integer; fix #2476

* ensure crit is an integer; fix #2475
@orthagh orthagh added this to the 9.1.5.1 milestone Jul 19, 2017
@AceSec
Copy link
Author

@AceSec AceSec commented Jul 20, 2017

The CVE-ID of this vulnerability is CVE-2017-11475.

@florian-eichelberger
Copy link

@florian-eichelberger florian-eichelberger commented Aug 29, 2017

As this CVE is incorrectly classified, please confirm that a working login is required to exploit the vulnerability listed under CVE-2017-11475 so NIST can use this information to update the CVSS Score.

@orthagh
Copy link
Contributor

@orthagh orthagh commented Aug 29, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants