Detections
Analytics

FreeBSD : glpi -- SQL injection for all helpdesk instances (b3aae7ea-3aef-11eb-af2a-080027dbe4b7)

high Nessus Plugin ID 144133

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

MITRE Corporation reports :

In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?92717dcb

http://www.nessus.org/u?c1053e0b

Plugin Details

Severity: High

ID: 144133

File Name: freebsd_pkg_b3aae7ea3aef11ebaf2a080027dbe4b7.nasl

Version: 1.3

Type: local

Published: 12/14/2020

Updated: 2/2/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2020-11032

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:glpi, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 3/30/2020

Vulnerability Publication Date: 3/30/2020

Reference Information

CVE: CVE-2020-11032