FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-25 14:24:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b7abdb0f-3b15-11eb-af2a-080027dbe4b7	glpi -- Multiple SQL Injections Stemming From isNameQuoted() MITRE Corporation reports: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2 Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi < 9.5.2,1 https://github.com/glpi-project/glpi/commit/f021f1f365b4acea5066d3e57c6d22658cf32575 https://github.com/glpi-project/glpi/security/advisories/GHSA-x93w-64x9-58qw CVE-2020-15176

VuXML ID

Description

b7abdb0f-3b15-11eb-af2a-080027dbe4b7

glpi -- Multiple SQL Injections Stemming From isNameQuoted()

MITRE Corporation reports:

In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2

Discovery 2020-06-25
Entry 2020-06-25
Modified 2024-04-25
glpi

< 9.5.2,1

https://github.com/glpi-project/glpi/commit/f021f1f365b4acea5066d3e57c6d22658cf32575
https://github.com/glpi-project/glpi/security/advisories/GHSA-x93w-64x9-58qw
CVE-2020-15176