Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

glpi-project glpi vulnerabilities and exploits

(subscribe to this query)
6.4
CVSSv2

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and previous versions allows remote malicious users to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
Glpi-project GlpiGlpi-project Glpi 0.5Glpi-project Glpi 0.6Glpi-project Glpi 0.20Glpi-project Glpi 0.21Glpi-project Glpi 0.30Glpi-project Glpi 0.31Glpi-project Glpi 0.40Glpi-project Glpi 0.41Glpi-project Glpi 0.42Glpi-project Glpi 0.51Glpi-project Glpi 0.51a
6.8
CVSSv2

CVE-2012-4002

Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI prior to 0.83.3 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Glpi-project GlpiGlpi-project Glpi 0.5Glpi-project Glpi 0.6Glpi-project Glpi 0.20Glpi-project Glpi 0.21Glpi-project Glpi 0.30Glpi-project Glpi 0.31Glpi-project Glpi 0.40Glpi-project Glpi 0.41Glpi-project Glpi 0.42Glpi-project Glpi 0.51Glpi-project Glpi 0.51a
4.3
CVSSv2

CVE-2012-4003

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI prior to 0.83.3 allow remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Glpi-project GlpiGlpi-project Glpi 0.5Glpi-project Glpi 0.6Glpi-project Glpi 0.20Glpi-project Glpi 0.21Glpi-project Glpi 0.30Glpi-project Glpi 0.31Glpi-project Glpi 0.40Glpi-project Glpi 0.41Glpi-project Glpi 0.42Glpi-project Glpi 0.51Glpi-project Glpi 0.51a
5
CVSSv2

CVE-2011-2720

The autocompletion functionality in GLPI prior to 0.80.2 does not blacklist certain username and password fields, which allows remote malicious users to obtain sensitive information via a crafted POST request.
Glpi-project GlpiGlpi-project Glpi 0.5Glpi-project Glpi 0.6Glpi-project Glpi 0.42Glpi-project Glpi 0.51Glpi-project Glpi 0.51aGlpi-project Glpi 0.65Glpi-project Glpi 0.68Glpi-project Glpi 0.68.1Glpi-project Glpi 0.68.2Glpi-project Glpi 0.68.3Glpi-project Glpi 0.70
6.8
CVSSv2

CVE-2013-5696

inc/central.class.php in GLPI prior to 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 acti...
Glpi-project GlpiGlpi-project Glpi 0.5Glpi-project Glpi 0.6Glpi-project Glpi 0.20Glpi-project Glpi 0.21Glpi-project Glpi 0.30Glpi-project Glpi 0.31Glpi-project Glpi 0.40Glpi-project Glpi 0.41Glpi-project Glpi 0.42Glpi-project Glpi 0.51Glpi-project Glpi 0.51a
6.5
CVSSv2

CVE-2012-1037

PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 up to and including 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.
Glpi-project Glpi 0.78Glpi-project Glpi 0.78.1Glpi-project Glpi 0.78.2Glpi-project Glpi 0.78.3Glpi-project Glpi 0.78.4Glpi-project Glpi 0.78.5Glpi-project Glpi 0.80Glpi-project Glpi 0.80.1Glpi-project Glpi 0.80.2Glpi-project Glpi 0.80.3Glpi-project Glpi 0.80.4Glpi-project Glpi 0.80.5
7.5
CVSSv2

CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI prior to 0.83.9 allow remote malicious users to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to aj...
Glpi-project GlpiGlpi-project Glpi 0.83Glpi-project Glpi 0.83.1Glpi-project Glpi 0.83.2Glpi-project Glpi 0.83.3Glpi-project Glpi 0.83.4Glpi-project Glpi 0.83.5Glpi-project Glpi 0.83.6Glpi-project Glpi 0.83.7Glpi-project Glpi 0.83.31
5.4
CVSSv3

CVE-2022-24876

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions before 10.0.1 a user can exploit a cros...
Glpi-project GlpiGlpi-project Glpi 10.0.0
6.5
CVSSv3

CVE-2022-29250

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulne...
Glpi-project GlpiGlpi-project Glpi 10.0.0
7.2
CVSSv3

CVE-2023-34254

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the priv...
Glpi-project Glpi-agentGlpi-project Glpi Agent
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
cameravalidationCVE-2025-39395CVE-2025-39445andreykCVE-2025-4664ciyashopedumawordpress events calendar registration & ticketsCVE-2025-39376CVE-2025-43836CVE-2025-4918local
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook