glpi vulnerabilities and exploits
4.8
CVSSv3
CVE-2021-21325
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by a user. This input is not correctly filtered. This results in a cross-...
Glpi-project Glpi
6.1
CVSSv3
CVE-2023-34244
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade ...
Glpi-project Glpi
9.8
CVSSv3
CVE-2017-11329
GLPI prior to 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers.
Glpi-project Glpi
8.8
CVSSv3
CVE-2017-11475
GLPI prior to 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
Glpi-project Glpi
4.3
CVSSv3
CVE-2020-15226
In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database us...
Glpi-project Glpi
6.1
CVSSv3
CVE-2019-13239
inc/user.class.php in GLPI prior to 9.4.3 allows XSS via a user picture.
Glpi-project Glpi
9.1
CVSSv3
CVE-2020-15175
In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders con...
Glpi-project Glpi
1 Github repository
6.1
CVSSv3
CVE-2020-15177
In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirect...
Glpi-project Glpi
5.3
CVSSv3
CVE-2020-15217
In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.
Glpi-project Glpi
9.8
CVSSv3
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI up to and including 10.0.2 allows PHP code injection.
Glpi-project Glpi
12 Github repositories