Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi-project glpi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-31061
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit th...
Glpi-project Glpi
2 Github repositories
5.3
CVSSv3
CVE-2022-31068
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is n...
Glpi-project Glpi
6.1
CVSSv3
CVE-2020-15177
In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirect...
Glpi-project Glpi
9.8
CVSSv3
CVE-2023-41320
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection...
Glpi-project Glpi
1 Github repository
9.8
CVSSv3
CVE-2023-42802
GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system librar...
Glpi-project Glpi
1 Github repository
4.8
CVSSv3
CVE-2022-41941
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, before 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.
Glpi-project Glpi
6.5
CVSSv3
CVE-2023-23610
GLPI is a Free Asset and IT Management Software package. Versions before 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to ac...
Glpi-project Glpi
8.1
CVSSv3
CVE-2019-10233
Teclib GLPI prior to 9.4.1.1 is affected by a timing attack associated with a cookie.
Glpi-project Glpi
9.8
CVSSv3
CVE-2023-36808
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one m...
Glpi-project Glpi
4.3
CVSSv3
CVE-2020-15226
In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database us...
Glpi-project Glpi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »