Lucene search
K

2698 matches found

UbuntuCve
UbuntuCve
added 2024/07/10 12:0 a.m.14 views

CVE-2024-37147

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...

4.3CVSS5.9AI score0.00685EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.3 views

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

8.1CVSS6.7AI score0.20386EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.2 views

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

4.3CVSS6.7AI score0.00685EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.5 views

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

8.8CVSS7AI score0.2124EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.5 views

PT-2024-5859 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to the GLPI system, which is an open-source asset and IT management software package providing ITIL Service Desk features, licenses tracking, and software auditing. An...

8.8CVSS6.1AI score0.2124EPSS
Exploits1References25
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.6 views

PT-2024-5861 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to incorrect access control in the GLPI system, which provides ITIL Service Desk features, licenses tracking, and software auditing. An authenticated user can attach a document ...

8.8CVSS5.8AI score0.2124EPSS
Exploits1References25
FreeBSD
FreeBSD
added 2024/06/03 12:0 a.m.29 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.16 Changelog SECURITY - high Account takeover via SQL Injection in AJAX scripts CVE-2024-37148 SECURITY - high Remote code execution through the plugin loader CVE-2024-37149 SECURITY - moderate Authenticated file upload to restricted tickets CVE-2024-37147...

8.8CVSS9AI score0.2124EPSS
Exploits1References4
NVD
NVD
added 2024/05/07 2:15 p.m.33 views

CVE-2024-29889

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15...

8.1CVSS7.1AI score0.63212EPSS
Exploits0References2
NVD
NVD
added 2024/05/07 2:15 p.m.27 views

CVE-2024-31456

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7CVSS7.6AI score0.59404EPSS
Exploits0References2
OSV
OSV
added 2024/05/07 2:7 p.m.21 views

CVE-2024-31456 GLPI contains an authenticated SQL injection

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7CVSS7.5AI score0.59404EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/07 2:7 p.m.33 views

CVE-2024-31456 GLPI contains an authenticated SQL injection

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7CVSS7.8AI score0.59404EPSS
Exploits0References2
CVE
CVE
added 2024/05/07 2:7 p.m.93 views

CVE-2024-31456

GLPI before version 10.0.15 is vulnerable to an authenticated SQL injection via the map search function. The root cause is improper handling of SQL queries in the map search feature, allowing disclosure of protected information. The issue is fixed in GLPI 10.0.15. Mitigation: upgrade to 10.0.15 o...

7.7CVSS7.3AI score0.59404EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/07 2:7 p.m.16 views

CVE-2024-31456 GLPI contains an authenticated SQL injection

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7CVSS7.4AI score0.59404EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/07 2:5 p.m.17 views

CVE-2024-29889 GLPI contains an SQL injection through the saved searches

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15...

7.1CVSS7.5AI score0.63212EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/07 2:5 p.m.34 views

CVE-2024-29889 GLPI contains an SQL injection through the saved searches

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15...

7.1CVSS7.3AI score0.63212EPSS
Exploits0References2
OSV
OSV
added 2024/05/07 2:5 p.m.25 views

CVE-2024-29889 GLPI contains an SQL injection through the saved searches

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15...

7.1CVSS8AI score0.63212EPSS
Exploits0References4
CVE
CVE
added 2024/05/07 2:5 p.m.125 views

CVE-2024-29889

Affected software: GLPI (Free Asset and IT Management Software). Vulnerability: SQL injection in the saved searches feature, exploitable by an authenticated user to alter another user’s data and take control of the account. Root cause / details: The issue exists in GLPI versions before 10.0.15; t...

8.1CVSS7.4AI score0.63212EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.4 views

GLPI 安全漏洞

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

7.7CVSS6.8AI score0.59404EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.3 views

GLPI 安全漏洞

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

8.1CVSS6.2AI score0.63212EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/05/06 12:0 a.m.6 views

The vulnerability of the GLPI system’s handling of requests and incidents is related to incorrect input cancellation during the creation of web pages. This allows a malicious attacker to execute XSS attacks.

The vulnerability in the GLPI request and incident handling system relates to improper input validation during the creation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

6.1CVSS5.4AI score0.00665EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder