[9.2.2] SQL injection in front/computer.php CVE-2018-13049 #4270

Closed
AceSec opened this issue Jul 2, 2018 · 3 comments

AceSec commented Jul 2, 2018

You can find the result in the sql-error.log.

  • Actual result :
    The same as the Expected result

  • URL of the page :
    http://url/glpi2/front/computer.php

  • Screenshot of the problem (if pertinent) :

  • Your GLPI setup (you can find it in Setup > General menu, System tab) :

You can find it in asset > computer

trasher commented Jul 2, 2018

In the future, please do not open public tickets for security issues, just send the mail to glpi-security. Thank you.

trasher added a commit to trasher/glpi that referenced this issue Jul 2, 2018
trasher added this to the 9.3.1 milestone Jul 2, 2018
AceSec commented Jul 2, 2018

trasher closed this as completed in 3391f10 Jul 2, 2018
trasher added a commit that referenced this issue Jul 2, 2018
remicollet changed the title from "[9.2.2] SQL injection in front/computer.php" to "[9.2.2] SQL injection in front/computer.php CVE-2018-13049" Jul 3, 2018
AceSec commented Aug 6, 2018

Exploit Author: Ji.xu From DBAppSecurity
CVE: CVE-2018-13049
