CVE-2024-28240

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...

CVE-2024-37148

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrad...

CVE-2024-37149

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVE-2024-40638

GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17...

CVE-2024-53850

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...

PT-2025-7036

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.18 Description GLPI is an asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This allows an attacker to execute arbitrary SQL commands. A...

PT-2025-7037

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.18 Description GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This can lead to remote code execution...

ROS-20250121-10

Vulnerability of GLPI system of requests, incidents and inventory of computer equipment is related to Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an intruder, acting remotely, to disclose protected information...

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management, related to improper access control, allows a intruder to gain unauthorized access to the account.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to improper access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the user account...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious attacker to carry out XSS attacks.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious attacker to carry out XSS attacks.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management systems lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

ROS-20250109-03

Vulnerability of GLPI system of requests, incidents and inventory of computer equipment is related to Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code Vulnerability of the GLPI system...

ROS-20250109-04

Vulnerability of the Fields plug-in of the GLPI system of requests, incidents and inventory of computer equipment is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow An attacker acting remotely could execute arbitrary SQL code...

The vulnerability of the Fields plugin in the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the lack of protection for the SQL query structure. This allows attackers to execute arbitrary SQL code.

The vulnerability of the Fields plugin in the GLPI system for managing requests, incidents, and inventory of computer equipment is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVE-2024-56801

Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability...

CVE-2024-56801

Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability...

CVE-2024-56801 Tasklists has Blind SQL Injection in /ajax/reorder.php

Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability...

CVE-2024-56801

Tasklists for GLPI has a blind SQL injection vulnerability in versions prior to 2.0.4, fixed by the 2.0.4 patch. Some sources indicate the issue affects the /ajax/reorder.php endpoint. The CVE documents high impact (per CVSS data) but no exploit details are provided in the connected documents. Re...

CVE-2024-56801 Tasklists has Blind SQL Injection in /ajax/reorder.php

Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability...

PT-2024-37075 · Glpi · Tasklists

Name of the Vulnerable Software and Affected Versions: Tasklists versions prior to 2.0.4 Description: The issue is related to a blind SQL injection vulnerability. Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 are affected. Recommendations: For versions prior to 2.0.4, upda...