VDB

GCVE-110-MAGEIA-2015-17

GCVE-110-MAGEIA-2015-17
Advisory Published
Vulnetix · Advisory published January 9, 2015
Updated glpi package fixes security vulnerabilities: Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria (CVE-2014-5032). An issue in GLPI before 0.84.8 may allow arbitrary local files to be included by PHP through an autoload function (CVE-2014-8360). SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter (CVE-2014-9258).

Affected Products

VendorProductVersionsPlatforms
Mageiaglpi0.84.3-1.2.mga4 (unaffected), 0 (affected), 0.84.3-1.2.mga4 (unaffected), 0 (affected)
Mageiagnome-icon-theme0 (affected), 3.10.0-2.2.mga4 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›