Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-5032
GLPI prior to 0.84.7 does not properly restrict access to cost information, which allows remote malicious users to obtain sensitive information via the cost criteria in the search bar.
Glpi-project Glpi
NA
CVE-2023-35940
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.
Glpi-project Glpi
5
CVSSv2
CVE-2020-15176
In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, ...
Glpi-project Glpi
5
CVSSv2
CVE-2020-15217
In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.
Glpi-project Glpi
NA
CVE-2024-23645
GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.
Glpi-project Glpi
3.5
CVSSv2
CVE-2021-39210
GLPI is a free Asset and IT management software package. In versions before 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use i...
Glpi-project Glpi
7.5
CVSSv2
CVE-2017-11474
GLPI prior to 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
Glpi-project Glpi
6.5
CVSSv2
CVE-2017-11475
GLPI prior to 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
Glpi-project Glpi
NA
CVE-2023-35924
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for thi...
Glpi-project Glpi
NA
CVE-2023-35939
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard d...
Glpi-project Glpi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »