[ MDVSA-2015:167 ] glpi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:167
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : glpi
 Date    : March 30, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated glpi package fixes security vulnerabilities:
 
 Due to a bug in GLPI before 0.84.7, a user without access to cost
 information can in fact see the information when selecting cost as
 a search criterion (CVE-2014-5032).
 
 An issue in GLPI before 0.84.8 may allow arbitrary local files to be
 included by PHP through an autoload function (CVE-2014-8360).
 
 SQL injection vulnerability in ajax/getDropdownValue.php in GLPI
 before 0.85.1 allows remote authenticated users to execute arbitrary
 SQL commands via the condition paramet
