Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi-project glpi 0.83.3 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI prior to 0.83.9 allow remote malicious users to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to aj...
Glpi-project Glpi
Glpi-project Glpi 0.83.7
Glpi-project Glpi 0.83.6
Glpi-project Glpi 0.83.5
Glpi-project Glpi 0.83.1
Glpi-project Glpi 0.83
Glpi-project Glpi 0.83.4
Glpi-project Glpi 0.83.3
Glpi-project Glpi 0.83.31
Glpi-project Glpi 0.83.2
1 EDB exploit
6.8
CVSSv2
CVE-2012-4002
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI prior to 0.83.3 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Glpi-project Glpi 0.70
Glpi-project Glpi 0.68.1
Glpi-project Glpi 0.80.3
Glpi-project Glpi 0.71.1
Glpi-project Glpi 0.80.6
Glpi-project Glpi 0.70.1
Glpi-project Glpi 0.72
Glpi-project Glpi 0.72.3
Glpi-project Glpi 0.72.1
Glpi-project Glpi 0.31
Glpi-project Glpi 0.78.3
Glpi-project Glpi 0.6
Glpi-project Glpi 0.5
Glpi-project Glpi 0.68.3
Glpi-project Glpi 0.71
Glpi-project Glpi 0.80.4
Glpi-project Glpi 0.80.61
Glpi-project Glpi 0.71.3
Glpi-project Glpi 0.71.2
Glpi-project Glpi 0.30
Glpi-project Glpi 0.71.6
Glpi-project Glpi 0.80.1
4.3
CVSSv2
CVE-2012-4003
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI prior to 0.83.3 allow remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Glpi-project Glpi 0.68.1
Glpi-project Glpi 0.68.2
Glpi-project Glpi 0.71.1
Glpi-project Glpi 0.80.2
Glpi-project Glpi 0.70.1
Glpi-project Glpi 0.72
Glpi-project Glpi 0.72.3
Glpi-project Glpi 0.20
Glpi-project Glpi 0.72.1
Glpi-project Glpi 0.72.2
Glpi-project Glpi 0.78.3
Glpi-project Glpi 0.40
Glpi-project Glpi 0.6
Glpi-project Glpi 0.65
Glpi-project Glpi 0.5
Glpi-project Glpi 0.51
Glpi-project Glpi 0.68.3
Glpi-project Glpi 0.70
Glpi-project Glpi 0.80.3
Glpi-project Glpi 0.80.6
Glpi-project Glpi 0.71.2
Glpi-project Glpi 0.71.6
6.4
CVSSv2
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and previous versions allows remote malicious users to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
Glpi-project Glpi 0.21
Glpi-project Glpi 0.30
Glpi-project Glpi 0.31
Glpi-project Glpi 0.40
Glpi-project Glpi 0.65
Glpi-project Glpi 0.68
Glpi-project Glpi 0.71.1
Glpi-project Glpi 0.5
Glpi-project Glpi 0.51
Glpi-project Glpi 0.51a
Glpi-project Glpi 0.6
Glpi-project Glpi 0.70
Glpi-project Glpi 0.72
Glpi-project Glpi 0.72.1
Glpi-project Glpi 0.83.6
Glpi-project Glpi 0.83.5
Glpi-project Glpi 0.83.4
Glpi-project Glpi 0.83.31
Glpi-project Glpi 0.42
Glpi-project Glpi 0.68.2
Glpi-project Glpi 0.70.2
Glpi-project Glpi 0.71.3
1 EDB exploit
6.8
CVSSv2
CVE-2013-5696
inc/central.class.php in GLPI prior to 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 acti...
Glpi-project Glpi 0.83.8
Glpi-project Glpi 0.83.9
Glpi-project Glpi 0.83.91
Glpi-project Glpi 0.84
Glpi-project Glpi 0.80.4
Glpi-project Glpi 0.80.3
Glpi-project Glpi 0.80.2
Glpi-project Glpi 0.80.1
Glpi-project Glpi 0.72
Glpi-project Glpi 0.71.6
Glpi-project Glpi 0.71.5
Glpi-project Glpi 0.70
Glpi-project Glpi 0.68.3
Glpi-project Glpi 0.68.2
Glpi-project Glpi 0.51
Glpi-project Glpi 0.5
Glpi-project Glpi 0.83.31
Glpi-project Glpi 0.83.3
Glpi-project Glpi 0.83.2
Glpi-project Glpi 0.83.1
Glpi-project Glpi 0.83
Glpi-project Glpi 0.78.2
2 EDB exploits
6.4
CVSSv2
CVE-2020-11035
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
Glpi-project Glpi
Fedoraproject Fedora 31
Fedoraproject Fedora 32
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started