Unrated severityNVD Advisory· Published Dec 19, 2014· Updated May 6, 2026
CVE-2014-9258
CVE-2014-9258
Description
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.glpi-project.org/spip.phpnvdPatchVendor Advisory
- security.szurek.pl/glpi-085-blind-sql-injection.htmlnvdExploit
- www.exploit-db.com/exploits/35528nvdExploit
- advisories.mageia.org/MGASA-2015-0017.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/147271.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/147296.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/147313.htmlnvd
- osvdb.org/show/osvdb/115957nvd
- secunia.com/advisories/61367nvd
- www.mandriva.com/security/advisoriesnvd
News mentions
0No linked articles in our index yet.