Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi-project glpi vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-21313
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target a...
Glpi-project Glpi
6.1
CVSSv3
CVE-2023-34244
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade ...
Glpi-project Glpi
6.5
CVSSv3
CVE-2021-39210
GLPI is a free Asset and IT management software package. In versions before 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use i...
Glpi-project Glpi
5.3
CVSSv3
CVE-2021-39211
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not nee...
Glpi-project Glpi
8.8
CVSSv3
CVE-2021-39213
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.
Glpi-project Glpi
6.1
CVSSv3
CVE-2022-21719
GLPI is a free asset and IT management software package. All GLPI versions before 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.
Glpi-project Glpi
8.8
CVSSv3
CVE-2018-13049
The constructSQL function in inc/search.class.php in GLPI 9.2.x up to and including 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
Glpi-project Glpi
8.8
CVSSv3
CVE-2021-39209
GLPI is a free Asset and IT management software package. In versions before 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in ve...
Glpi-project Glpi
6.1
CVSSv3
CVE-2024-23645
GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.
Glpi-project Glpi
NA
CVE-2014-8360
Directory traversal vulnerability in inc/autoload.function.php in GLPI prior to 0.84.8 allows remote malicious users to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in...
Glpi-project Glpi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »