2694 matches found
CVE-2025-24801 GLPI allows authenticated remote code execution
GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18...
CVE-2025-24801
GLPI (asset/IT management software) has CVE-2025-24801 where an authenticated user can upload and force execution of PHP files on the GLPI server. Root cause described in the Nessus/NASL entry aligns with improper handling of uploaded files. Fixed in GLPI version 10.0.18. Remediation is to upgrad...
CVE-2025-24799 GLPI allows unauthenticated SQL injection through the inventory endpoint
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18...
CVE-2025-24799
GLPI pre-auth SQL injection in the Inventory feature affects versions up to 10.0.17 due to insufficient sanitization of XML input in handleAgent, where SimpleXMLElement objects can bypass dbEscapeRecursive and allow arbitrary SQL via the inventory endpoint. Impact: unauthenticated access to data....
CVE-2025-21619 GLPI allows SQL injection through the rules configuration
GLPI is a free asset and IT management software package. An administrator user can perform a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18...
CVE-2025-21619
GLPI (asset and IT management software) is affected by CVE-2025-21619: an administrator can trigger a SQL injection through the rules configuration forms. The issue is fixed in GLPI version 10.0.18; upgrading to 10.0.18 or later is recommended. There are no explicit exploitation details provided ...
GLPI SQL injection vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2025-26626
The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing JavaScript code. Version 1.5.0 fixes the issue...
CVE-2025-26626
GLPI Inventory Plugin (for GLPI) is affected by a reflective cross-site scripting vulnerability in versions prior to 1.5.0. The issue allows execution of JavaScript code and is tracked as CVE-2025-26626. A fixed release is 1.5.0. The CVSSv3.1 base score is 6.5 (MEDIUM), with network attack vector...
CVE-2025-26626 GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting
The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing JavaScript code. Version 1.5.0 fixes the issue...
GLPI Inventory Plugin cross-site scripting vulnerability
GLPI Inventory Plugin is an open source plugin for GLPI France. It is used to handle various types of tasks for GLPI agents. A cross-site scripting vulnerability exists in GLPI Inventory Plugin versions prior to 1.5.0, which stems from reflective cross-site scripting and could lead to the executi...