[vs] CVE-2012-1037 GLPI <= 0.80.61 LFI/RFI

Hi,

I found a File Inclusion vulnerability in GLPI <= 0.80.61. I contacted the project team; 
the bug is now patched and a new version is available (0.80.7).

I've published the advisory on fulldisclosure:

http://seclists.org/fulldisclosure/2012/Feb/157 <http://seclists.org/fulldisclosure/2012/Feb/157>

CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI

Severity: Important

Vendor: GLPI - http://www.glpi-project.org

Versions Affected
=================

All versions between 0.78 and 0.80.61

Description
===========

GLPI fails to properly sanitize the GET 'sub_type' parameter in the front/popup.php file:

  [...]
  checkLoginUser();

  if (isset($_GET["popup"])) {
     $_SESSION["glpipopup"]["name"] = $_GET["popup"];