GLPI 0.83.9 – ‘Unserialize()’ Remote Code Execution

Exploit Database
16 阅读

作者： Xavier Mehrenberger

日期： 2013-07-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/26530/

source: https://www.securityfocus.com/bid/60823/info

GLPI is prone to a remote PHP code-execution vulnerability. 

An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. 

GLPI 0.83.9 is vulnerable; other versions may also be affected.

An attacker can exploit this issue using a web browser. 

The following example URI is available: 

http://www.example.com/glpi/front/ticket.form.php?id=1&_predefined_fields=[XXXX]

last Exploits
GLPI 0.83.9 – ‘Unserialize()’ Remote Code Execution的更多信息

KubeSupport – ‘lang’ SQL Injection：
Online Print Business 1.0 – SQL Injection：
FCKEditor Core – ‘FileManager test.html’ Arbitrary File Upload (1)：
copyparty 1.8.2 – Directory Traversal：
Adrenalin Core HCM 5.4.0 – ‘ReportID’ Reflected Cross-Site Scripting：
Openfire Server 3.6.0a – Admin Console Authentication Bypass (Metasploit)：
Citrix Nitro SDK – Command Injection：
Metinfo 3.0 – Multiple Vulnerabilities：