CVE-2024-11955
GLPI 10.0.x vulnerable up to 10.0.17. Affected functionality: an interaction with /index.php via a manipulated redirect parameter enabling an open redirect. Exploitation described as remote and publicly disclosed. Remediation: upgrading to 10.0.18 addresses this issue (per initial CVE description...
CVE-2024-11955 GLPI index.php redirect
A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been...
GLPI Cross-Site Scripting Vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
GLPI Input Validation Error Vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface, you can use it to create a database to fully manage IT computers, monitors, servers, printers, network devices, telephones, and even toner...
glpi-project -- GLPI multiple vulnerabilities
[email protected] reports: CVE-2024-11955: A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The...
PT-2025-6928 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.71 through 10.0.17. Description: The issue allows an anonymous user to fetch sensitive information from the "status.php" endpoint. There is no information about the estimated number of potentially affected devices worldwide or...
PT-2025-6973 · Unknown +2 · Oauthimap Plugin +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.17. Description: The issue allows unauthorized access to GLPI when a "Mail servers" authentication provider is configured to use an OAuth connection provided by the OauthIMAP plugin, leveraging existing OAuth...
PT-2025-7052 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.18. Description: A low-privileged user can enable debug mode and access sensitive information. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents...
PT-2025-6972 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.72 through 10.0.17. Description: The issue allows an anonymous user to disable all active plugins. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where...
PT-2025-6929 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.18. Description: The issue allows a malicious link to be crafted to perform a reflected XSS attack on the search page. If anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user...
PT-2025-6927 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.18. Description: The issue allows an administrator user to perform a SQL injection through the rules configuration forms. Recommendations: For versions prior to 10.0.18, update to version 10.0.18 to resolve the issu...
CVE-2021-39209
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...
CVE-2022-29250
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user...
CVE-2022-39398
tasklists is a tasklists plugin for GLPI Kanban. Versions prior to 2.0.3 are vulnerable to Cross-site Scripting (XSS): XSS can be created in task content when adding it. This issue is patched in version 2.0.3. There are no known workarounds...
CVE-2020-5248
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...
CVE-2024-43416
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue...
CVE-2024-27096
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...
CVE-2024-28241
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...