Bug 1176166 (CVE-2014-9258) - CVE-2014-9258 glpi: ajax/getDropdownValue.php SQL injection
Status: CLOSED ERRATA
Alias: CVE-2014-9258
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1176167 1176168
Reported: 2014-12-19 15:32 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:25 UTC

Fixed In Version: GLPI 0.85.1
Doc Type: Bug Fix
Last Closed: 2015-08-22 16:52:05 UTC

Description Vasyl Kaigorodov 2014-12-19 15:32:48 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-9258 to
the following vulnerability:

Name: CVE-2014-9258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9258
Assigned: 20141204
Reference: http://secunia.com/advisories/61367

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI
before 0.85.1 allows remote authenticated users to execute arbitrary
SQL commands via the condition parameter.

Comment 1 Vasyl Kaigorodov 2014-12-19 15:33:33 UTC
Created glpi tracking bugs for this issue:

Affects: fedora-all [bug 1176167]
Affects: epel-all [bug 1176168]

Comment 2 Fedora Update System 2015-01-01 08:54:14 UTC
glpi-0.84.8-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2015-01-01 08:56:22 UTC
glpi-0.84.8-3.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2015-01-01 08:58:13 UTC
glpi-0.83.9.1-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2015-01-06 18:56:53 UTC
glpi-0.83.9.1-6.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2015-01-06 18:57:13 UTC
glpi-0.83.9.1-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2015-01-06 19:01:03 UTC
glpi-0.84.8-3.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.

