jetlib.sec » Full Disclosure » CVE-2012-1037: GLPI

Feeds

133098 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Full Disclosure

• February 10, 2012
• 

  CVE-2012-1037: GLPI

  Posted: February 10th, 2012, 2:54am PST

  Tags:   

  Posted by Emilien Girault on Feb 10

  CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI
  
  Severity: Important
  
  Vendor: GLPI - http://www.glpi-project.org
  
  Versions Affected
  =================
  
  All versions between 0.78 and 0.80.61
  
  Description
  ===========
  
  GLPI fails to properly sanitize the GET 'sub_type' parameter in the front/popup.php file:
  
  [...]
  checkLoginUser();
  
  if (isset($_GET["popup"])) {
  $_SESSION["glpipopup"]["name"] =...