Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi-project glpi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2013-2227
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
Glpi-project Glpi 0.83.7
Debian Debian Linux 8.0
1 EDB exploit
7.5
CVSSv3
CVE-2018-7562
A remote code execution issue exists in GLPI up to and including 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket vi...
Glpi-project Glpi
7.5
CVSSv3
CVE-2016-7508
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote malicious user to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
Glpi-project Glpi 0.90.4
1 EDB exploit
7.2
CVSSv3
CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the priv...
Glpi-project Glpi Agent
7.2
CVSSv3
CVE-2020-11033
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or read/update/delete dat...
Glpi-project Glpi
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.2
CVSSv3
CVE-2020-11032
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.
Glpi-project Glpi 9.4.5
7.1
CVSSv3
CVE-2020-15108
In glpi prior to 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.
Glpi-project Glpi
6.5
CVSSv3
CVE-2023-41321
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read acces...
Glpi-project Glpi
6.5
CVSSv3
CVE-2023-34107
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and before 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for t...
Glpi-project Glpi
6.5
CVSSv3
CVE-2023-34106
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and before 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Us...
Glpi-project Glpi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »