CVE-2013-2225

Name: CVE-2013-2225
Creator: NVD / NIST
Published: 2014-05-27T14:55:09.93+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 7.56%

Last modified Jun 16, 2026

CVE-2013-2225 is a vulnerability of currently unknown severity. inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.. EPSS estimates a 7.56% chance of exploitation in the next 30 days.

Description

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

Metrics

EPSS Probability

7.56%

93.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Glpi-Project	Glpi	<= 0.83.9
Glpi-Project	Glpi	0.5
Glpi-Project	Glpi	0.6
Glpi-Project	Glpi	0.20
Glpi-Project	Glpi	0.21
Glpi-Project	Glpi	0.30
Glpi-Project	Glpi	0.31
Glpi-Project	Glpi	0.40
Glpi-Project	Glpi	0.41
Glpi-Project	Glpi	0.42
Glpi-Project	Glpi	0.51
Glpi-Project	Glpi	0.51a
Glpi-Project	Glpi	0.65
Glpi-Project	Glpi	0.68
Glpi-Project	Glpi	0.68.1
Glpi-Project	Glpi	0.68.2
Glpi-Project	Glpi	0.68.3
Glpi-Project	Glpi	0.70
Glpi-Project	Glpi	0.70.1
Glpi-Project	Glpi	0.70.2
Glpi-Project	Glpi	0.71
Glpi-Project	Glpi	0.71.1
Glpi-Project	Glpi	0.71.2
Glpi-Project	Glpi	0.71.3
Glpi-Project	Glpi	0.71.4
Glpi-Project	Glpi	0.71.5
Glpi-Project	Glpi	0.71.6
Glpi-Project	Glpi	0.72
Glpi-Project	Glpi	0.72.1
Glpi-Project	Glpi	0.72.2
Glpi-Project	Glpi	0.72.3
Glpi-Project	Glpi	0.72.4
Glpi-Project	Glpi	0.78
Glpi-Project	Glpi	0.78.1
Glpi-Project	Glpi	0.78.2
Glpi-Project	Glpi	0.78.3
Glpi-Project	Glpi	0.78.4
Glpi-Project	Glpi	0.78.5
Glpi-Project	Glpi	0.80
Glpi-Project	Glpi	0.80.1
Glpi-Project	Glpi	0.80.2
Glpi-Project	Glpi	0.80.3
Glpi-Project	Glpi	0.80.4
Glpi-Project	Glpi	0.80.5
Glpi-Project	Glpi	0.80.6
Glpi-Project	Glpi	0.80.7
Glpi-Project	Glpi	0.80.61
Glpi-Project	Glpi	0.83
Glpi-Project	Glpi	0.83.1
Glpi-Project	Glpi	0.83.2

Showing 50 of 57 affected configurations. See NVD for the full list.

References

Timeline

Published: May 27, 2014
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-2225?

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

How severe is CVE-2013-2225?

Severity scoring for CVE-2013-2225 is pending analysis. The EPSS model estimates a 7.56% probability of exploitation in the next 30 days.

How do I fix CVE-2013-2225?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2225?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST