CVE-2013-5696

GLPI - 'install.php' Remote Command Execution

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.

inc/central.class.php en GLPI anteriores a 0.84.2 no intenta inhabilitar install/install.php después de una instalación completa, lo cual permite a atacantes remotos efectuar ataques cross-site request forgery (CSRF), y (1) ejecutar inyecciones SQL a través de una acción Etape_4 o (2) ejecutar código PHP arbitrario a través de una acción update_1.

GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-09-04 CVE Reserved
2013-09-20 CVE Published
2013-09-23 First Exploit
2024-09-16 CVE Updated
2024-10-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (7)

URL	Tag	Source
https://forge.indepnet.net/issues/4480	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/28483	2013-09-23
https://www.exploit-db.com/exploits/28685	2013-10-02
https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html	2024-09-16

URL	Date	SRC
http://www.glpi-project.org/spip.php?page=annonce&id_breve=308	2013-09-23
https://forge.indepnet.net/projects/glpi/repository/revisions/21753	2013-09-23
https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php	2013-09-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				<= 0.84.1 Search vendor "Glpi-project" for product "Glpi" and version " <= 0.84.1"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.5 Search vendor "Glpi-project" for product "Glpi" and version "0.5"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.5 Search vendor "Glpi-project" for product "Glpi" and version "0.5"		rc1		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.5 Search vendor "Glpi-project" for product "Glpi" and version "0.5"		rc2		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.6 Search vendor "Glpi-project" for product "Glpi" and version "0.6"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.6 Search vendor "Glpi-project" for product "Glpi" and version "0.6"		rc1		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.6 Search vendor "Glpi-project" for product "Glpi" and version "0.6"		rc2		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.6 Search vendor "Glpi-project" for product "Glpi" and version "0.6"		rc3		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.20 Search vendor "Glpi-project" for product "Glpi" and version "0.20"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.21 Search vendor "Glpi-project" for product "Glpi" and version "0.21"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.30 Search vendor "Glpi-project" for product "Glpi" and version "0.30"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.31 Search vendor "Glpi-project" for product "Glpi" and version "0.31"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.40 Search vendor "Glpi-project" for product "Glpi" and version "0.40"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.41 Search vendor "Glpi-project" for product "Glpi" and version "0.41"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.42 Search vendor "Glpi-project" for product "Glpi" and version "0.42"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.51 Search vendor "Glpi-project" for product "Glpi" and version "0.51"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.51a Search vendor "Glpi-project" for product "Glpi" and version "0.51a"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.65 Search vendor "Glpi-project" for product "Glpi" and version "0.65"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.65 Search vendor "Glpi-project" for product "Glpi" and version "0.65"		rc1		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.65 Search vendor "Glpi-project" for product "Glpi" and version "0.65"		rc2		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.68 Search vendor "Glpi-project" for product "Glpi" and version "0.68"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.68 Search vendor "Glpi-project" for product "Glpi" and version "0.68"		rc1		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.68 Search vendor "Glpi-project" for product "Glpi" and version "0.68"		rc2		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.68 Search vendor "Glpi-project" for product "Glpi" and version "0.68"		rc3		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.68.1 Search vendor "Glpi-project" for product "Glpi" and version "0.68.1"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.68.2 Search vendor "Glpi-project" for product "Glpi" and version "0.68.2"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.68.3 Search vendor "Glpi-project" for product "Glpi" and version "0.68.3"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.70 Search vendor "Glpi-project" for product "Glpi" and version "0.70"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.70 Search vendor "Glpi-project" for product "Glpi" and version "0.70"		rc1		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.70 Search vendor "Glpi-project" for product "Glpi" and version "0.70"		rc2		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.70 Search vendor "Glpi-project" for product "Glpi" and version "0.70"		rc3		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.70.1 Search vendor "Glpi-project" for product "Glpi" and version "0.70.1"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.70.2 Search vendor "Glpi-project" for product "Glpi" and version "0.70.2"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71 Search vendor "Glpi-project" for product "Glpi" and version "0.71"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.1 Search vendor "Glpi-project" for product "Glpi" and version "0.71.1"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.1 Search vendor "Glpi-project" for product "Glpi" and version "0.71.1"		rc1		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.1 Search vendor "Glpi-project" for product "Glpi" and version "0.71.1"		rc2		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.1 Search vendor "Glpi-project" for product "Glpi" and version "0.71.1"		rc3		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.2 Search vendor "Glpi-project" for product "Glpi" and version "0.71.2"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.3 Search vendor "Glpi-project" for product "Glpi" and version "0.71.3"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.4 Search vendor "Glpi-project" for product "Glpi" and version "0.71.4"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.5 Search vendor "Glpi-project" for product "Glpi" and version "0.71.5"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.71.6 Search vendor "Glpi-project" for product "Glpi" and version "0.71.6"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.72 Search vendor "Glpi-project" for product "Glpi" and version "0.72"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.72 Search vendor "Glpi-project" for product "Glpi" and version "0.72"		rc1		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.72 Search vendor "Glpi-project" for product "Glpi" and version "0.72"		rc2		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.72 Search vendor "Glpi-project" for product "Glpi" and version "0.72"		rc3		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.72.1 Search vendor "Glpi-project" for product "Glpi" and version "0.72.1"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.72.2 Search vendor "Glpi-project" for product "Glpi" and version "0.72.2"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.72.3 Search vendor "Glpi-project" for product "Glpi" and version "0.72.3"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.72.4 Search vendor "Glpi-project" for product "Glpi" and version "0.72.4"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.78 Search vendor "Glpi-project" for product "Glpi" and version "0.78"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.78.1 Search vendor "Glpi-project" for product "Glpi" and version "0.78.1"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.78.2 Search vendor "Glpi-project" for product "Glpi" and version "0.78.2"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.78.3 Search vendor "Glpi-project" for product "Glpi" and version "0.78.3"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.78.4 Search vendor "Glpi-project" for product "Glpi" and version "0.78.4"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.78.5 Search vendor "Glpi-project" for product "Glpi" and version "0.78.5"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80 Search vendor "Glpi-project" for product "Glpi" and version "0.80"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80.1 Search vendor "Glpi-project" for product "Glpi" and version "0.80.1"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80.2 Search vendor "Glpi-project" for product "Glpi" and version "0.80.2"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80.3 Search vendor "Glpi-project" for product "Glpi" and version "0.80.3"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80.4 Search vendor "Glpi-project" for product "Glpi" and version "0.80.4"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80.5 Search vendor "Glpi-project" for product "Glpi" and version "0.80.5"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80.6 Search vendor "Glpi-project" for product "Glpi" and version "0.80.6"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80.7 Search vendor "Glpi-project" for product "Glpi" and version "0.80.7"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.80.61 Search vendor "Glpi-project" for product "Glpi" and version "0.80.61"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83 Search vendor "Glpi-project" for product "Glpi" and version "0.83"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.1 Search vendor "Glpi-project" for product "Glpi" and version "0.83.1"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.2 Search vendor "Glpi-project" for product "Glpi" and version "0.83.2"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.3 Search vendor "Glpi-project" for product "Glpi" and version "0.83.3"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.4 Search vendor "Glpi-project" for product "Glpi" and version "0.83.4"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.5 Search vendor "Glpi-project" for product "Glpi" and version "0.83.5"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.6 Search vendor "Glpi-project" for product "Glpi" and version "0.83.6"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.7 Search vendor "Glpi-project" for product "Glpi" and version "0.83.7"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.8 Search vendor "Glpi-project" for product "Glpi" and version "0.83.8"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.9 Search vendor "Glpi-project" for product "Glpi" and version "0.83.9"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.31 Search vendor "Glpi-project" for product "Glpi" and version "0.83.31"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.83.91 Search vendor "Glpi-project" for product "Glpi" and version "0.83.91"		-		Affected
Glpi-project Search vendor "Glpi-project"		Glpi Search vendor "Glpi-project" for product "Glpi"				0.84 Search vendor "Glpi-project" for product "Glpi" and version "0.84"		-		Affected