CVE-2014-9258
PUBLISHED
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
Risk Scores
EPSS Score
9.12%
92.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | glpi | *, 0, 0.84.8+dfsg.1-1 |
Exploit Intelligence
- FEDORA-2014-17520 (circl)
- FEDORA-2014-17508 (circl)
- MDVSA-2015:167 (circl)
- FEDORA-2014-17497 (circl)
- 61367 (circl)
- http://advisories.mageia.org/MGASA-2015-0017.html (circl)
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=334&lang=en (circl)
- 115957 (circl)
- http://security.szurek.pl/glpi-085-blind-sql-injection.html (nist-nvd)
- 35528 (cve.org)
…and 2 more exploits
Timeline
- Dec 18, 2014 PoC Published
- Dec 19, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-9258 third-party-advisory
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=334&lang=en third-party-advisory
- http://www.exploit-db.com/exploits/35528 third-party-advisory
- http://security.szurek.pl/glpi-085-blind-sql-injection.html third-party-advisory
- http://secunia.com/advisories/61367 third-party-advisory
- http://osvdb.org/show/osvdb/115957 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-9258 third-party-advisory