CVE-2026-26027 GLPI has an Unauthenticated Stored XSS via inventory

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

Linux Distros Unpatched Vulnerability : CVE-2017-11474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computersoftwareversion.class.php, exploitable via ajax/common.tabs.php. CVE-2017-11474 Note...

ROS-20250403-15

Vulnerabilities in GLPI's computer hardware request, incident and inventory system are related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...

ROS-20250121-10

Vulnerability of GLPI system of requests, incidents and inventory of computer equipment is related to Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an intruder, acting remotely, to disclose protected information...

ROS-20250109-04

Vulnerability of the Fields plug-in of the GLPI system of requests, incidents and inventory of computer equipment is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow An attacker acting remotely could execute arbitrary SQL code...

PT-2024-37075 · Glpi · Tasklists

Name of the Vulnerable Software and Affected Versions: Tasklists versions prior to 2.0.4 Description: The issue is related to a blind SQL injection vulnerability. Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 are affected. Recommendations: For versions prior to 2.0.4, upda...

PT-2024-10105 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a lack of protection of the web page structure in the GLPI system, which can be exploited by a remote attacker to conduct a cross-site scripting XSS attack. Specifically, an...

PT-2024-8000 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: The issue is related to a lack of password recovery mechanism in the GLPI system, which can be exploited by a remote attacker to bypass existing security restrictions. An administrator with acce...

PT-2024-9895 · Glpi +1 · Fields Plugin +1

Name of the Vulnerable Software and Affected Versions: Fields plugin for GLPI versions prior to 1.21.13 Description: The issue is related to a lack of protection against SQL injection attacks in the Fields plugin for GLPI. This allows an authenticated user to perform a SQL injection when the plug...

ROS-20240812-12

Vulnerability of GLPI system of requests, incidents and inventory of computer equipment is related to Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary SQL queries...

GLPI Injection Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

PT-2023-6845 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the insecure management of privileges in the Kanban feature of the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to any user's account...

PT-2023-6846 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the lack of path filtering on the GLPI URL, which may allow an attacker to transmit a malicious URL of the login page to attempt a phishing attack on user credentials. This c...

CVE-2022-39181

GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting RXSS. Type 1: Reflected XSS or Non-Persistent - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content t...

GLPI 路径遍历漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

PT-2020-4301 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue is related to a SQL Injection in the API's search function, allowing an attacker to break SQL syntax and utilize a UNION SELECT query to reflect sensitive information, such as the current...

Teclib GLPI Encryption Problem Vulnerability

Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. An encryption issue vulnerability exists in Teclib GLPI versions after 0.83....