Unrated severityNVD Advisory· Published Dec 19, 2014· Updated Jun 17, 2026
CVE-2014-9258
CVE-2014-9258
Description
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*range: <=0.85
- (no CPE)range: <0.85.1
Patches
Vulnerability mechanics
References
10- www.glpi-project.org/spip.phpnvdPatchVendor Advisory
- security.szurek.pl/glpi-085-blind-sql-injection.htmlnvdExploit
- www.exploit-db.com/exploits/35528nvdExploit
- advisories.mageia.org/MGASA-2015-0017.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/147271.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/147296.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/147313.htmlnvd
- osvdb.org/show/osvdb/115957nvd
- secunia.com/advisories/61367nvd
- www.mandriva.com/security/advisoriesnvd
News mentions
0No linked articles in our index yet.