glpi-project glpi vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-34107
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and before 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows access to view all KnowbaseItems. Version 10.0.8 has a patch for t...
Glpi-project Glpi
9.8
CVSSv3
CVE-2023-35924
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for thi...
Glpi-project Glpi
6.5
CVSSv3
CVE-2023-34106
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and before 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Us...
Glpi-project Glpi
7.2
CVSSv3
CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running the remoteinventory task against a Unix platform with the ssh command, an administrator user on the remote host can manage to inject a command in a specific workflow the agent would run with the priv...
Glpi-project Glpi Agent
6.5
CVSSv3
CVE-2022-34125
front/icon.send.php in the CMDB plugin prior to 3.0.3 for GLPI allows malicious users to gain read access to sensitive information via a _log/ pathname in the file parameter.
Glpi-project Cmdb
7.5
CVSSv3
CVE-2022-34126
The Activity plugin prior to 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter.
Glpi-project Activity
7.5
CVSSv3
CVE-2022-34127
The Manageentities plugin prior to 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
Glpi-project Manageentities
9.8
CVSSv3
CVE-2022-34128
The Cartography (aka positions) plugin prior to 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.
Glpi-project Positions
8.8
CVSSv3
CVE-2023-29006
The Order GLPI plugin allows users to manage orders within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user who has access to the standard interface can craft a URL that can be used to execute a system command. Versions 2.7.7...
Glpi-project Order
Glpi-project Order 2.10.0
4.8
CVSSv3
CVE-2023-28636
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7.
Glpi-project Glpi