
43 matches found

BDU FSTEC
added 2024/07/29 12:0 a.m. · 9 views

A vulnerability in the GLPI request and incident handling system, related to server-side request forgery, allows an attacker to redirect users to an arbitrary URL.

The vulnerability in the GLPI system for handling requests and incidents is related to the possibility of forged requests on the server side. Exploiting this vulnerability allows a malicious actor to redirect users to an arbitrary URL address...

CVSS 5.3 · AI score 7 · EPSS 0.00591
Exploits 1 · References 4 · Affected Software 2

BDU FSTEC
added 2024/07/29 12:0 a.m. · 5 views

The vulnerability of the GLPI system’s handling of requests and incidents, related to insufficient protection of user credentials, allows a malicious individual to obtain unauthorized access to the root account’s password.

The vulnerability in the GLPI system’s request and incident handling process is related to an error in passing configuration data via JavaScript. In this error, some records are filtered out, but the ldappass variable is not filtered. Exploiting this vulnerability could allow a remote attacker to...

CVSS 7.8 · AI score 7.2 · EPSS 0.01221
Exploits 0 · References 4 · Affected Software 2

BDU FSTEC
added 2024/07/29 12:0 a.m. · 6 views

The vulnerability of the GLPI system’s handling of requests and incidents arises from the improper neutralization of input data during the generation of web pages. This allows attackers to carry out XSS attacks.

The vulnerability in the GLPI request and incident handling system relates to the improper neutralization of input data during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

CVSS 6.4 · AI score 6.4 · EPSS 0.00622
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2024/05/06 12:0 a.m. · 6 views

The vulnerability of the GLPI system’s handling of requests and incidents is related to improper neutralization of input during the creation of web pages. This allows an attacker to execute XSS attacks.

The vulnerability in the GLPI request and incident handling system relates to improper input validation during the creation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

CVSS 6.1 · AI score 5.4 · EPSS 0.00665
Exploits 0 · References 5 · Affected Software 2

BDU FSTEC
added 2024/03/25 12:0 a.m. · 5 views

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to deficiencies in authorization procedures, allows unauthorized users to gain access to protected information.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to deficiencies in authorization procedures. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 6.8 · AI score 5.5 · EPSS 0.01139
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2024/02/01 12:0 a.m. · 7 views

GLPI Injection Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 8.1 · AI score 7.4 · EPSS 0.0087
Exploits 0 · References 4

BDU FSTEC
added 2023/12/22 12:0 a.m. · 5 views

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the improper neutralization of certain elements in the output data, allowing an attacker to execute arbitrary code.

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to incorrect neutralization of certain elements in the output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8 · EPSS 0.01259
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2023/12/22 12:0 a.m. · 6 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory processes, related to the improper neutralization of special elements used in SQL commands, allows an attacker to alter the database query logic by introducing arbitrary SQL operators.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the improper neutralization of special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to alter the logic of the database query, by...

CVSS 10 · AI score 8 · EPSS 0.67107
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2023/11/13 12:0 a.m. · 5 views

The vulnerability of the GLPI system for requests, incidents, and inventory management, related to the disclosure of information, allows an attacker to expose protected information.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

CVSS 7.8 · AI score 6.5 · EPSS 0.00738
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2023/11/13 12:0 a.m. · 6 views

The vulnerability of the GLPI system for requests, incidents, and inventory management, related to insufficient access control, allows a malicious user to gain unauthorized access to another user’s account.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to another user’s account...

CVSS 10 · AI score 7.5 · EPSS 0.00731
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2023/11/13 12:0 a.m. · 6 views

The vulnerability of the GLPI system for requests, incidents, and inventory management, related to the disclosure of information, allows an attacker to expose protected information.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

CVSS 5.3 · AI score 5.8 · EPSS 0.33874
Exploits 0 · References 3 · Affected Software 2

Positive Technologies
added 2023/09/26 12:0 a.m. · 7 views

PT-2023-6846 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the lack of path filtering on the GLPI URL, which may allow an attacker to transmit a malicious URL of the login page to attempt a phishing attack on user credentials. This c...

CVSS 10 · AI score 6.9 · EPSS 0.99628
Exploits 27 · References 156

Positive Technologies
added 2023/09/26 12:0 a.m. · 6 views

PT-2023-6845 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the insecure management of privileges in the Kanban feature of the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to any user's account...

CVSS 10 · AI score 7.1 · EPSS 0.99628
Exploits 27 · References 157

BDU FSTEC
added 2023/08/11 12:0 a.m. · 7 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL query structure, allows an attacker to execute arbitrary code.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

CVSS 10 · AI score 8.2 · EPSS 0.49425
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2023/06/26 12:0 a.m. · 8 views

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper neutralization of input data during the generation of web pages, as well as the improper neutralization of special elements used in SQL commands. This allows attackers to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI application’s request and incident handling system lies in the insufficient cleaning of user data at the final inventory registration stage. A user who has not undergone identity verification can send specially created requests to the vulnerable application and execu...

CVSS 10 · AI score 6.9 · EPSS 0.00486
Exploits 0 · References 6 · Affected Software 2

BDU FSTEC
added 2023/06/26 12:0 a.m. · 9 views

The vulnerability of the GLPI system’s request and incident handling process, related to improper neutralization of input during the generation of web pages, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data in the administration panel. Users can inject and execute arbitrary HTML and scripts in the user’s browser within the context of the vulnerable website. Exploiting this...

CVSS 4.8 · AI score 6.7 · EPSS 0.00538
Exploits 0 · References 6 · Affected Software 2

BDU FSTEC
added 2023/06/26 12:0 a.m. · 12 views

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper neutralization of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...

CVSS 6.4 · AI score 6.5 · EPSS 0.00605
Exploits 0 · References 6 · Affected Software 2

OSV
added 2022/11/17 11:15 p.m. · 6 views

CVE-2022-39181

GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting RXSS. Type 1: Reflected XSS or Non-Persistent - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content t...

CVSS 6.1 · AI score 5.6 · EPSS 0.00361
Exploits 0 · References 1

BDU FSTEC
added 2022/02/04 12:0 a.m. · 7 views

The vulnerability of the GLPI system’s request and incident handling capabilities, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the GLPI system for handling requests and incidents is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 · AI score 6 · EPSS 0.0096
Exploits 0 · References 5 · Affected Software 2

CNNVD
added 2021/11/24 12:0 a.m. · 7 views

GLPI Path Traversal Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVSS 9.1 · AI score 7.3 · EPSS 0.52658
Exploits 2 · References 5