2694 matches found
CVE-2024-53850
The Addressing GLPI plugin enables you to create IP reports to visualize IP addresses used and free on a given network. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...
CVE-2024-45600
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...
CVE-2024-53850 The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation
The Addressing GLPI plugin enables you to create IP reports to visualize IP addresses used and free on a given network. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...
CVE-2024-53850
The CVE-2024-53850 entry maps to the Addressing GLPI plugin vulnerability. The connected PT-2024-9988 advisory specifies affected versions 3.0.0 through 3.0.3 and attributes the issue to a poor security check that allows an unauthenticated attacker to determine whether data exists by name in GLPI...
CVE-2024-45600 Fields GLPI plugin has an Authenticated SQL Injection
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...
CVE-2024-45600
Fields plugin for GLPI: prior to v1.21.13, an authenticated user can perform an SQL injection when the plugin is active; fixed in v1.21.13. Some sources also note that exploitation could allow arbitrary SQL execution; recommended remediation is to upgrade to 1.21.13 or disab...
Fields GLPI plugin SQL injection vulnerability
Fields GLPI plugin is an open source plugin for GLPI Project Plugins. A SQL injection vulnerability exists in Fields GLPI plugin version 1.21.12 and earlier that allows an authenticated user to perform SQL injection while the plugin ...
CVE-2024-50339
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
GLPI cross-site scripting vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2024-50339 GLPI vulnerable to unauthenticated session hijacking
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
CVE-2024-50339
Vulnerability summary (CVE-2024-50339): GLPI, versions 9.5.0 up to 10.0.17, is vulnerable to an unauthenticated session-stealing scenario where an attacker can retrieve all session IDs and use them to hijack valid sessions. A patch was issued in version 10.0.17. Several security analyses (includi...
CVE-2024-48912
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...
CVE-2024-47761
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...
CVE-2024-47760
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...