43 matches found
The vulnerability of the GLPI system’s handling of requests and incidents, related to the possibility of falsifying requests on the server side, allows a perpetrator to redirect users to any arbitrary URL address.
The vulnerability in the GLPI system for handling requests and incidents is related to the possibility of forged requests on the server side. Exploiting this vulnerability allows a malicious actor to redirect users to an arbitrary URL address...
The vulnerability of the GLPI system’s handling of requests and incidents, related to insufficient protection of user credentials, allows a malicious individual to obtain unauthorized access to the root account’s password.
The vulnerability in the GLPI system’s request and incident handling process is related to an error in passing configuration data via JavaScript. In this error, some records are filtered out, but the ldappass variable is not filtered. Exploiting this vulnerability could allow a remote attacker to...
The vulnerability of the GLPI system’s handling of requests and incidents arises from the improper neutralization of input data during the generation of web pages. This allows attackers to carry out XSS attacks.
The vulnerability in the GLPI request and incident handling system relates to the improper elimination of input data during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the GLPI system’s handling of requests and incidents is related to incorrect input cancellation during the creation of web pages. This allows a malicious attacker to execute XSS attacks.
The vulnerability in the GLPI request and incident handling system relates to improper input validation during the creation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to deficiencies in authorization procedures, allows unauthorized users to gain access to protected information.
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to deficiencies in authorization procedures. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
GLPI Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the improper elimination of certain elements in the output data, allowing a perpetrator to execute arbitrary codes.
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to incorrect neutralization of certain elements in the output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary codes remotely...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory processes, related to the improper elimination of special elements used in SQL commands, allows a hacker to alter the database query logic by introducing arbitrary SQL operators.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the improper elimination of special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to alter the query logic to the database, by...
The vulnerability of the GLPI system for requests, incidents, and inventory management, related to the disclosure of information that allows a hacker to expose the protected information
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the GLPI system for requests, incidents, and inventory management, related to insufficient access control, allows a malicious user to gain unauthorized access to another user’s account.
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to another user’s account...
The vulnerability of the GLPI system for requests, incidents, and inventory management, related to the disclosure of information that allows a hacker to expose the protected information
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
PT-2023-6846 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the lack of path filtering on the GLPI URL, which may allow an attacker to transmit a malicious URL of the login page to attempt a phishing attack on user credentials. This c...
PT-2023-6845 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the insecure management of privileges in the Kanban feature of the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to any user's account...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of protective measures for the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper neutralization of input data during the generation of web pages, as well as the improper neutralization of special elements used in SQL commands. This allows attackers to execute arbitrary SQL queries in the database.
The vulnerability of the GLPI application’s request and incident handling system lies in the insufficient cleaning of user data at the final inventory registration stage. A user who has not undergone identity verification can send specially created requests to the vulnerable application and execu...
The vulnerability of the GLPI system’s request and incident handling process, related to improper input cancellation during the generation of web pages, allows attackers to carry out attacks using cross-site scripts.
The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data in the administration panel. Users can inject and execute arbitrary HTML and scripts in the user’s browser within the context of the vulnerable website. Exploiting this...
The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper cancellation of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.
The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...
CVE-2022-39181
GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting RXSS. Type 1: Reflected XSS or Non-Persistent - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content t...
The vulnerability of the GLPI system’s request and incident handling capabilities, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the GLPI system for handling requests and incidents is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
GLPI 路径遍历漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...