Glpi · Glpi · CVE-2013-2225
**Name of the Vulnerable Software and Affected Versions**
GLPI versions 0.83.9 and earlier
**Description**
The issue allows remote attackers to unserialize arbitrary PHP objects. This is achieved via the ` predefined fields` parameter to the "front/ticket.form.php" endpoint.
**Recommendations**
For GLPI versions 0.83.9 and earlier, consider restricting access to the "front/ticket.form.php" endpoint until a patch is available. As a temporary workaround, avoid using the ` predefined fields` parameter in the affected endpoint to minimize the risk of exploitation.