CVE-2013-5696

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 0.84.2

Description The issue concerns a lack of proper security measures after the installation of GLPI, allowing remote attackers to conduct cross-site request forgery (CSRF) attacks. This can lead to two main consequences: (1) performing a SQL injection via an Etape 4 action, and (2) executing arbitrary PHP code via an update 1 action.

Recommendations For versions prior to 0.84.2, update to version 0.84.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the inc/central.class.php file and the install/install.php script to minimize the risk of exploitation. Avoid using the Etape 4 and update 1 actions in the affected API endpoints until the issue is resolved.