Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi-project vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-24869
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions before 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross sit...
Glpi-project Glpi
5.4
CVSSv3
CVE-2022-24868
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions before 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a resu...
Glpi-project Glpi
9.8
CVSSv3
CVE-2021-44617
A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
Glpi-project Glpi 9.4.6
4.9
CVSSv3
CVE-2022-21720
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right pr...
Glpi-project Glpi
6.1
CVSSv3
CVE-2022-21719
GLPI is a free asset and IT management software package. All GLPI versions before 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.
Glpi-project Glpi
7.5
CVSSv3
CVE-2021-43778
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php`...
Glpi-project Barcode
1 Github repository
6.5
CVSSv3
CVE-2021-39210
GLPI is a free Asset and IT management software package. In versions before 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use i...
Glpi-project Glpi
5.3
CVSSv3
CVE-2021-39211
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not nee...
Glpi-project Glpi
8.8
CVSSv3
CVE-2021-39213
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.
Glpi-project Glpi
8.8
CVSSv3
CVE-2021-39209
GLPI is a free Asset and IT management software package. In versions before 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in ve...
Glpi-project Glpi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
malicious code
camera
CVE-2023-46694
CVE-2023-43847
CVE-2023-30311
CVE-2024-27842
CVE-2024-30165
arbitrary code
CVE-2024-21683
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »