glpi vulnerabilities and exploits
802
VMScore
CVE-2020-11060
In GLPI prior to 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivabl...
Glpi-project Glpi
2 Github repositories
801
VMScore
CVE-2021-43779
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from an authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using comm...
Teclib-edition Addressing
801
VMScore
CVE-2015-7684
Unrestricted file upload in GLPI prior to 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/.
Glpi-project Glpi
755
VMScore
CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI prior to 0.83.9 allow remote malicious users to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to aj...
Glpi-project Glpi
Glpi-project Glpi 0.83.7
Glpi-project Glpi 0.83.6
Glpi-project Glpi 0.83.5
Glpi-project Glpi 0.83.1
Glpi-project Glpi 0.83
Glpi-project Glpi 0.83.4
Glpi-project Glpi 0.83.3
Glpi-project Glpi 0.83.31
Glpi-project Glpi 0.83.2
1 EDB exploit
694
VMScore
CVE-2022-24867
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the JavaScript, some entries are filtered out. The variable ldap_pass is not filtered and when you look at the s...
Glpi-project Glpi
690
VMScore
CVE-2013-5696
inc/central.class.php in GLPI prior to 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 acti...
Glpi-project Glpi 0.83.8
Glpi-project Glpi 0.83.9
Glpi-project Glpi 0.83.91
Glpi-project Glpi 0.84
Glpi-project Glpi 0.80.4
Glpi-project Glpi 0.80.3
Glpi-project Glpi 0.80.2
Glpi-project Glpi 0.80.1
Glpi-project Glpi 0.72
Glpi-project Glpi 0.71.6
Glpi-project Glpi 0.71.5
Glpi-project Glpi 0.70
Glpi-project Glpi 0.68.3
Glpi-project Glpi 0.68.2
Glpi-project Glpi 0.51
Glpi-project Glpi 0.5
Glpi-project Glpi 0.83.31
Glpi-project Glpi 0.83.3
Glpi-project Glpi 0.83.2
Glpi-project Glpi 0.83.1
Glpi-project Glpi 0.83
Glpi-project Glpi 0.78.2
2 EDB exploits
670
VMScore
CVE-2019-10232
Teclib GLPI up to and including 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
Teclib-edition Gestionnaire Libre De Parc Informatique
668
VMScore
CVE-2022-31061
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on the login page. No user credentials are required to exploit th...
Glpi-project Glpi
2 Github repositories
668
VMScore
CVE-2022-31056
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit SQL injection on the actor fields. This issue has been resolved in...
Glpi-project Glpi
668
VMScore
CVE-2022-31082
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package d...
Glpi-project Glpi Inventory