Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glpi vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-7563
An issue exists in GLPI up to and including 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by...
Glpi-project Glpi
4
CVSSv2
CVE-2020-26212
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to ...
Glpi-project Glpi
4
CVSSv2
CVE-2020-27662
In GLPI prior to 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
Glpi-project Glpi
5
CVSSv2
CVE-2020-11031
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption li...
Glpi-project Glpi
3.5
CVSSv2
CVE-2020-11036
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "<script>alert(1)</script>" reproduces the attack. This ...
Glpi-project Glpi
9
CVSSv2
CVE-2020-11060
In GLPI prior to 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivabl...
Glpi-project Glpi
2 Github repositories
3.5
CVSSv2
CVE-2020-11062
In GLPI after 0.68.1 and prior to 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.
Glpi-project Glpi
4
CVSSv2
CVE-2020-27663
In GLPI prior to 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any itemType (e.g., Ticket, Users, etc.).
Glpi-project Glpi
4
CVSSv2
CVE-2020-15108
In glpi prior to 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.
Glpi-project Glpi
6.4
CVSSv2
CVE-2020-15175
In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders con...
Glpi-project Glpi
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »