Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

glpi-project glpi 0.83 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI prior to 0.83.9 allow remote malicious users to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to aj...
Glpi-project GlpiGlpi-project Glpi 0.83.7Glpi-project Glpi 0.83.6Glpi-project Glpi 0.83.5Glpi-project Glpi 0.83.1Glpi-project Glpi 0.83Glpi-project Glpi 0.83.4Glpi-project Glpi 0.83.3Glpi-project Glpi 0.83.31Glpi-project Glpi 0.83.2
NA
CVE-2012-4003
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI prior to 0.83.3 allow remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Glpi-project Glpi 0.68.1Glpi-project Glpi 0.68.2Glpi-project Glpi 0.71.1Glpi-project Glpi 0.80.2Glpi-project Glpi 0.70.1Glpi-project Glpi 0.72Glpi-project Glpi 0.72.3Glpi-project Glpi 0.20Glpi-project Glpi 0.72.1Glpi-project Glpi 0.72.2Glpi-project Glpi 0.78.3Glpi-project Glpi 0.40Glpi-project Glpi 0.6Glpi-project Glpi 0.65Glpi-project Glpi 0.5Glpi-project Glpi 0.51Glpi-project Glpi 0.68.3Glpi-project Glpi 0.70Glpi-project Glpi 0.80.3Glpi-project Glpi 0.80.6Glpi-project Glpi 0.71.2Glpi-project Glpi 0.71.6
NA
CVE-2012-4002
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI prior to 0.83.3 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Glpi-project Glpi 0.70Glpi-project Glpi 0.68.1Glpi-project Glpi 0.80.3Glpi-project Glpi 0.71.1Glpi-project Glpi 0.80.6Glpi-project Glpi 0.70.1Glpi-project Glpi 0.72Glpi-project Glpi 0.72.3Glpi-project Glpi 0.72.1Glpi-project Glpi 0.31Glpi-project Glpi 0.78.3Glpi-project Glpi 0.6Glpi-project Glpi 0.5Glpi-project Glpi 0.68.3Glpi-project Glpi 0.71Glpi-project Glpi 0.80.4Glpi-project Glpi 0.80.61Glpi-project Glpi 0.71.3Glpi-project Glpi 0.71.2Glpi-project Glpi 0.30Glpi-project Glpi 0.71.6Glpi-project Glpi 0.80.1
NA
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and previous versions allows remote malicious users to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
Glpi-project Glpi 0.21Glpi-project Glpi 0.30Glpi-project Glpi 0.31Glpi-project Glpi 0.40Glpi-project Glpi 0.65Glpi-project Glpi 0.68Glpi-project Glpi 0.71.1Glpi-project Glpi 0.5Glpi-project Glpi 0.51Glpi-project Glpi 0.51aGlpi-project Glpi 0.6Glpi-project Glpi 0.70Glpi-project Glpi 0.72Glpi-project Glpi 0.72.1Glpi-project Glpi 0.83.6Glpi-project Glpi 0.83.5Glpi-project Glpi 0.83.4Glpi-project Glpi 0.83.31Glpi-project Glpi 0.42Glpi-project Glpi 0.68.2Glpi-project Glpi 0.70.2Glpi-project Glpi 0.71.3
NA
CVE-2013-5696
inc/central.class.php in GLPI prior to 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 acti...
Glpi-project Glpi 0.83.8Glpi-project Glpi 0.83.9Glpi-project Glpi 0.83.91Glpi-project Glpi 0.84Glpi-project Glpi 0.80.4Glpi-project Glpi 0.80.3Glpi-project Glpi 0.80.2Glpi-project Glpi 0.80.1Glpi-project Glpi 0.72Glpi-project Glpi 0.71.6Glpi-project Glpi 0.71.5Glpi-project Glpi 0.70Glpi-project Glpi 0.68.3Glpi-project Glpi 0.68.2Glpi-project Glpi 0.51Glpi-project Glpi 0.5Glpi-project Glpi 0.83.31Glpi-project Glpi 0.83.3Glpi-project Glpi 0.83.2Glpi-project Glpi 0.83.1Glpi-project Glpi 0.83Glpi-project Glpi 0.78.2
8.8
CVSSv3
CVE-2023-28634
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session ...
Glpi-project Glpi
8.1
CVSSv3
CVE-2023-28632
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By m...
Glpi-project Glpi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook