Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
teclib-edition vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-12723
An issue exists in the Teclib Fields plugin up to and including 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
Teclib-edition Fields
9.9
CVSSv3
CVE-2021-43779
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using comm...
Teclib-edition Addressing
6.5
CVSSv3
CVE-2023-28855
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Vers...
Teclib-edition Fields
6.1
CVSSv3
CVE-2019-12724
An issue exists in the Teclib News plugin up to and including 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.
Teclib-edition News
5.4
CVSSv3
CVE-2023-33971
Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for renderin...
Teclib-edition Form Creator 2.13.5
3.3
CVSSv3
CVE-2018-7289
An issue exists in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. Thi...
Teclib-edition Armadito Antivirus 0.12.7.2
1 EDB exploit
5.3
CVSSv3
CVE-2021-39190
The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions before 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.
Teclib-edition System Center Configuration Manager
9.8
CVSSv3
CVE-2019-10231
Teclib GLPI prior to 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
Teclib-edition Gestionnaire Libre De Parc Informatique
9.8
CVSSv3
CVE-2019-10232
Teclib GLPI up to and including 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
Teclib-edition Gestionnaire Libre De Parc Informatique
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started