Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi-project glpi 0.80 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-36808
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one m...
Glpi-project Glpi
NA
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and previous versions allows remote malicious users to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
Glpi-project Glpi 0.21
Glpi-project Glpi 0.30
Glpi-project Glpi 0.31
Glpi-project Glpi 0.40
Glpi-project Glpi 0.65
Glpi-project Glpi 0.68
Glpi-project Glpi 0.71.1
Glpi-project Glpi 0.5
Glpi-project Glpi 0.51
Glpi-project Glpi 0.51a
Glpi-project Glpi 0.6
Glpi-project Glpi 0.70
Glpi-project Glpi 0.72
Glpi-project Glpi 0.72.1
Glpi-project Glpi 0.83.6
Glpi-project Glpi 0.83.5
Glpi-project Glpi 0.83.4
Glpi-project Glpi 0.83.31
Glpi-project Glpi 0.42
Glpi-project Glpi 0.68.2
Glpi-project Glpi 0.70.2
Glpi-project Glpi 0.71.3
1 EDB exploit
NA
CVE-2013-5696
inc/central.class.php in GLPI prior to 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 acti...
Glpi-project Glpi 0.83.8
Glpi-project Glpi 0.83.9
Glpi-project Glpi 0.83.91
Glpi-project Glpi 0.84
Glpi-project Glpi 0.80.4
Glpi-project Glpi 0.80.3
Glpi-project Glpi 0.80.2
Glpi-project Glpi 0.80.1
Glpi-project Glpi 0.72
Glpi-project Glpi 0.71.6
Glpi-project Glpi 0.71.5
Glpi-project Glpi 0.70
Glpi-project Glpi 0.68.3
Glpi-project Glpi 0.68.2
Glpi-project Glpi 0.51
Glpi-project Glpi 0.5
Glpi-project Glpi 0.83.31
Glpi-project Glpi 0.83.3
Glpi-project Glpi 0.83.2
Glpi-project Glpi 0.83.1
Glpi-project Glpi 0.83
Glpi-project Glpi 0.78.2
2 EDB exploits
NA
CVE-2012-4003
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI prior to 0.83.3 allow remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Glpi-project Glpi 0.68.1
Glpi-project Glpi 0.68.2
Glpi-project Glpi 0.71.1
Glpi-project Glpi 0.80.2
Glpi-project Glpi 0.70.1
Glpi-project Glpi 0.72
Glpi-project Glpi 0.72.3
Glpi-project Glpi 0.20
Glpi-project Glpi 0.72.1
Glpi-project Glpi 0.72.2
Glpi-project Glpi 0.78.3
Glpi-project Glpi 0.40
Glpi-project Glpi 0.6
Glpi-project Glpi 0.65
Glpi-project Glpi 0.5
Glpi-project Glpi 0.51
Glpi-project Glpi 0.68.3
Glpi-project Glpi 0.70
Glpi-project Glpi 0.80.3
Glpi-project Glpi 0.80.6
Glpi-project Glpi 0.71.2
Glpi-project Glpi 0.71.6
NA
CVE-2012-4002
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI prior to 0.83.3 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Glpi-project Glpi 0.70
Glpi-project Glpi 0.68.1
Glpi-project Glpi 0.80.3
Glpi-project Glpi 0.71.1
Glpi-project Glpi 0.80.6
Glpi-project Glpi 0.70.1
Glpi-project Glpi 0.72
Glpi-project Glpi 0.72.3
Glpi-project Glpi 0.72.1
Glpi-project Glpi 0.31
Glpi-project Glpi 0.78.3
Glpi-project Glpi 0.6
Glpi-project Glpi 0.5
Glpi-project Glpi 0.68.3
Glpi-project Glpi 0.71
Glpi-project Glpi 0.80.4
Glpi-project Glpi 0.80.61
Glpi-project Glpi 0.71.3
Glpi-project Glpi 0.71.2
Glpi-project Glpi 0.30
Glpi-project Glpi 0.71.6
Glpi-project Glpi 0.80.1
NA
CVE-2012-1037
PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 up to and including 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.
Glpi-project Glpi 0.80
Glpi-project Glpi 0.80.1
Glpi-project Glpi 0.80.2
Glpi-project Glpi 0.80.3
Glpi-project Glpi 0.78
Glpi-project Glpi 0.78.1
Glpi-project Glpi 0.78.3
Glpi-project Glpi 0.78.5
Glpi-project Glpi 0.80.4
Glpi-project Glpi 0.80.6
Glpi-project Glpi 0.78.2
Glpi-project Glpi 0.78.4
Glpi-project Glpi 0.80.5
Glpi-project Glpi 0.80.61
NA
CVE-2011-2720
The autocompletion functionality in GLPI prior to 0.80.2 does not blacklist certain username and password fields, which allows remote malicious users to obtain sensitive information via a crafted POST request.
Glpi-project Glpi
Glpi-project Glpi 0.80
Glpi-project Glpi 0.72.4
Glpi-project Glpi 0.72.3
Glpi-project Glpi 0.72.2
Glpi-project Glpi 0.71.5
Glpi-project Glpi 0.71.4
Glpi-project Glpi 0.71.1
Glpi-project Glpi 0.78.1
Glpi-project Glpi 0.78
Glpi-project Glpi 0.72
Glpi-project Glpi 0.70
Glpi-project Glpi 0.68.3
Glpi-project Glpi 0.68.2
Glpi-project Glpi 0.65
Glpi-project Glpi 0.5
Glpi-project Glpi 0.78.3
Glpi-project Glpi 0.78.2
Glpi-project Glpi 0.71.6
Glpi-project Glpi 0.71
Glpi-project Glpi 0.68
Glpi-project Glpi 0.51a
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started