Nelson A. de Oliveira
2009-Jan-30 18:04 UTC
[Secure-testing-team] Bug#513611: glpi: ''ID'' Parameter Multiple SQL Injection Vulnerabilities
Package: glpi Version: 0.71.2-2 Severity: grave Tags: security Justification: user security hole Hi! glpi versions prior to 0.71.4 are affected by a SQL injection vulnerability. See the upstream announce [1] and SecurityFocus [2]. [1] http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en [2] http://www.securityfocus.com/bid/33477 Thank you very much! Best regards, Nelson -- System Information: Debian Release: 5.0 APT prefers unstable APT policy: (500, ''unstable''), (1, ''experimental'') Architecture: i386 (i686) Kernel: Linux 2.6.28.2-naoliv1 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash