GLPI 'sub_type' Parameter Remote File Include Vulnerability

Bugtraq ID:	51958
Class:	Input Validation Error
CVE:	CVE-2012-1037
Remote:	Yes
Local:	No
Published:	Feb 10 2012 12:00AM
Updated:	Feb 20 2012 11:50PM
Credit:	Emilien Girault
Vulnerable:	Red Hat Fedora 16 Red Hat Fedora 15 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 GLPI GLPI 0.80.61 GLPI GLPI 0.80.2 GLPI GLPI 0.80 GLPI GLPI 0.78
Not Vulnerable:	GLPI GLPI 0.80.7

GLPI 'sub_type' Parameter Remote File Include Vulnerability

GLPI is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

GLPI versions between 0.78 and 0.80.61 are vulnerable.

GLPI 'sub_type' Parameter Remote File Include Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/front/popup.php?popup=add_ruleparameter&sub_type=<file>

GLPI 'sub_type' Parameter Remote File Include Vulnerability

Solution:
Updates are available. Please see the references for more information.


MandrakeSoft Enterprise Server 5 x86_64

• Mandriva glpi-0.80.7-0.1mdvmes5.2.noarch.rpm
  http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5

• Mandriva glpi-0.80.7-0.1mdvmes5.2.noarch.rpm
  http://www.mandriva.com/en/downloads/

GLPI 'sub_type' Parameter Remote File Include Vulnerability

References:

• CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI (Emilien Girault)
  
• GLPI Project Homepage (GLPI)