glpi-project glpi vulnerabilities and exploits
8.1
CVSSv3
CVE-2019-10233
Teclib GLPI prior to 9.4.1.1 is affected by a timing attack associated with a cookie.
Glpi-project Glpi
8
CVSSv3
CVE-2016-7507
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated malicious users to submit a request that could lead to the creation of an admin account in the application.
Glpi-project Glpi 0.90.4
7.5
CVSSv3
CVE-2023-35940
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.
Glpi-project Glpi
7.5
CVSSv3
CVE-2022-34126
The Activity plugin prior to 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter.
Glpi-project Activity
7.5
CVSSv3
CVE-2022-34127
The Managentities plugin prior to 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
Glpi-project Manageentities
7.5
CVSSv3
CVE-2023-22500
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, before 10.0.6, are vulnerable to Incorrect Authorization. This vulnerability allows unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbil...
Glpi-project Glpi
7.5
CVSSv3
CVE-2022-24867
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldap_pass is not filtered and when you look at the s...
Glpi-project Glpi
7.5
CVSSv3
CVE-2021-43778
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php`...
Glpi-project Barcode
1 Github repository
7.5
CVSSv3
CVE-2021-21327
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment tha...
Glpi-project Glpi
7.5
CVSSv3
CVE-2020-11031
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption li...
Glpi-project Glpi