CVE-2024-37147
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...
GLPI Security Vulnerabilities
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
PT-2024-5859 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16
Description: The issue is related to the GLPI system, which is an open-source asset and IT management software package providing ITIL Service Desk features, licenses tracking, and software auditing. An...
PT-2024-5861 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16
Description: The issue is related to incorrect access control in the GLPI system, which provides ITIL Service Desk features, licenses tracking, and software auditing. An authenticated user can attach a document ...
GLPI -- multiple vulnerabilities
GLPI team reports:
GLPI 10.0.16 Changelog
SECURITY - high: Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)
SECURITY - high: Remote code execution through the plugin loader (CVE-2024-37149)
SECURITY - moderate: Authenticated file upload to restricted tickets (CVE-2024-37147)...
CVE-2024-29889
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is fixed in 10.0.15...
CVE-2024-31456
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...
CVE-2024-31456 GLPI contains an authenticated SQL injection
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...
CVE-2024-31456
GLPI before version 10.0.15 is vulnerable to an authenticated SQL injection via the map search function. The root cause is improper handling of SQL queries in the map search feature, allowing disclosure of protected information. The issue is fixed in GLPI 10.0.15. Mitigation: upgrade to 10.0.15 o...
CVE-2024-29889 GLPI contains an SQL injection through the saved searches
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is fixed in 10.0.15...
CVE-2024-29889
Affected software: GLPI (Free Asset and IT Management Software). Vulnerability: SQL injection in the saved searches feature, exploitable by an authenticated user to alter another user’s data and take control of the account. Root cause / details: The issue exists in GLPI versions before 10.0.15; t...
GLPI Security Vulnerabilities
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
A vulnerability in the GLPI request and incident handling system is related to improper neutralization of input during web page generation. It allows an attacker to carry out XSS attacks.
The vulnerability in the GLPI request and incident handling system relates to improper input validation during the creation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...