Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi-project glpi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-31061
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit th...
Glpi-project Glpi
2 Github repositories
5.3
CVSSv3
CVE-2022-31068
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is n...
Glpi-project Glpi
6.5
CVSSv3
CVE-2020-26212
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to ...
Glpi-project Glpi
7.5
CVSSv3
CVE-2022-24867
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldap_pass is not filtered and when you look at the s...
Glpi-project Glpi
5.4
CVSSv3
CVE-2022-24868
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions before 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a resu...
Glpi-project Glpi
5.4
CVSSv3
CVE-2022-24869
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions before 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross sit...
Glpi-project Glpi
NA
CVE-2014-9258
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI prior to 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
Glpi-project Glpi
1 EDB exploit
5.3
CVSSv3
CVE-2022-39276
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. I...
Glpi-project Glpi
4.8
CVSSv3
CVE-2022-39277
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site...
Glpi-project Glpi
9.8
CVSSv3
CVE-2022-39323
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been ...
Glpi-project Glpi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »