FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

glpi -- SQL Injection

Affected packages
glpi < 0.71.4

Details

VuXML ID 2ffb1b0d-ecf5-11dd-abae-00219b0fc4d8
Discovery 2009-01-25
Entry 2009-01-28

The GLPI project reports:

Input passed via unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulateSQL queries by injecting arbitrary SQL code.

[source]

References

URL http://secunia.com/advisories/33680/
URL http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en
URL https://dev.indepnet.net/glpi/ticket/1224
URL https://mail.gna.org/public/glpi-news/2009-01/msg00002.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.