Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[9.2.2] SQL injection in front/computer.php CVE-2018-13049 #4270

Closed
dbappxuji opened this Issue Jul 2, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@dbappxuji
Copy link

dbappxuji commented Jul 2, 2018

you can find the result in the sql-error.log

  • Actual result :
    the same with the Expected result

  • URL of the page :
    http://url/glpi2/front/computer.php

  • Screenshot of the problem (if pertinent) :

  • Your GLPI setup (you can find it in Setup > General menu, System tab) :

you can find it in asset >computer

@trasher

This comment has been minimized.

Copy link
Member

trasher commented Jul 2, 2018

In the future, please do not open public tickets for security issues, just send the mail to glpi-security. Thank you.

trasher added a commit to trasher/glpi that referenced this issue Jul 2, 2018

@trasher trasher added this to the 9.3.1 milestone Jul 2, 2018

@dbappxuji

This comment has been minimized.

Copy link
Author

dbappxuji commented Jul 2, 2018

@trasher trasher closed this in 3391f10 Jul 2, 2018

trasher added a commit that referenced this issue Jul 2, 2018

@remicollet remicollet changed the title [9.2.2] SQL injection in front/computer.php [9.2.2] SQL injection in front/computer.php CVE-2018-13049 Jul 3, 2018

@dbappxuji

This comment has been minimized.

Copy link
Author

dbappxuji commented Aug 6, 2018

Exploit Author: Ji.xu From DBAppSecurity
CVE: CVE-2018-13049

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.