Advisories » MGASA-2018-0330

Updated glpi packages fix security vulnerability

Publication date: 10 Aug 2018
Modification date: 10 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-13049

Description

The constructSQL function in inc/search.class.php in GLPI 9.2.x through
9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT
clause to front/computer.php (CVE-2018-13049).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23318
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/45ZBDWBMNJVPQ6FZVBLDLZRLJNSTTEWL/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13049

SRPMS

6/core

• glpi-9.1.6-2.2.mga6