Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GLPI inc/central.class.php Script Cross-Site Request Forgery Vulnerability
Vulnerability Description
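GLPI is an open-source IT resource management suite maintained by the Indepnet association. The suite includes functions such as device status management, asset inventory storage, management workflows, and work log management. The inc/central.class.php script in GLPI 0.84.1 and earlier contains a SQL injection vulnerability and a PHP code execution vulnerability: after installation is complete, the 'install/install.php' file can be executed again. Remote attackers can exploit these vulnerabilities to conduct cross-site request forgery attacks.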
CVSS Information
N/A
Vulnerability Type
N/A