2694 matches found
PT-2024-10105 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a lack of protection of the web page structure in the GLPI system, which can be exploited by a remote attacker to conduct a cross-site scripting XSS attack. Specifically, an...
PT-2024-27964
Name of the Vulnerable Software and Affected Versions GLPI versions 9.2.0 through 10.0.15 Description The issue allows unauthorized download of documents from the API without appropriate rights. Recommendations Upgrade to version 10.0.16 to resolve the issue. As a temporary workaround, consider...
GLPI 跨站脚本漏洞
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
PT-2024-10107 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a reflected XSS vulnerability in GLPI, a free asset and IT management software package. An unauthenticated user can exploit this vulnerability by providing a malicious link t...
PT-2024-10108 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a reflected XSS vulnerability located in the Cable form of GLPI, an open-source asset and IT management software package. This vulnerability can be exploited by an...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of protective measures for the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the GLPI system’s request, incident, and asset inventory management, related to improper session management, allows a malicious actor to gain full access to the application.
The vulnerability of the GLPI system’s request, incident, and asset inventory management is related to improper session management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the application by intercepting sessions...
PT-2024-8000 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: The issue is related to a lack of password recovery mechanism in the GLPI system, which can be exploited by a remote attacker to bypass existing security restrictions. An administrator with acce...
PT-2024-7920 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a lack of protection against SQL injection attacks in the GLPI system, which manages IT assets and incidents. An authenticated user can exploit multiple SQL injection...
PT-2024-8175 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.3.0 through 10.0.16 Description: The issue is related to incorrect access control in the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to an account through the API. An authenticated user...
PT-2024-10159 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: GLPI is a free asset and IT management software package. The issue is related to incorrect access control, allowing an authenticated user to use an application endpoint to delete any user accoun...
ROS-20241008-07
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. The vulnerability can be exploited by the GLPI system of requests, incidents and inventory of computer equipment. GLPI computer hardware vulnerability is related ...
PT-2024-9895 · Glpi +1 · Fields Plugin +1
Name of the Vulnerable Software and Affected Versions: Fields plugin for GLPI versions prior to 1.21.13 Description: The issue is related to a lack of protection against SQL injection attacks in the Fields plugin for GLPI. This allows an authenticated user to perform a SQL injection when the plug...
The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to external control of file names or paths, allows a perpetrator to load arbitrary PHP scripts and intercept plugin loaders to execute these scripts at will.
The vulnerability of the GLPI system for requests, incidents, and computer equipment inventory management is related to external control of file names or paths. Exploiting this vulnerability allows a malicious actor to load any arbitrary PHP script and intercept the plugin loader to execute that...
The vulnerability of software for asset management and GLPI data processing centers, related to improper access control, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of software for asset management and GLPI data processing centers relates to the implementation of a CSV file, by creating a file with a fake header. Exploiting this vulnerability can allow an attacker operating remotely to compromise the confidentiality, integrity, and...
ROS-20240827-09
A vulnerability in GLPI's computer hardware requisition, incident, and inventory system is related to external file name or path control. Exploitation of the vulnerability could allow an attacker acting remotely, to upload a malicious PHP script and hijack the plugin loader to execute that...
ROS-20240828-02
A vulnerability in GLPI's asset and data center management software is related to the CSV file injection by creating a file with a spoofed header. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...
Exploit for Injection in Glpi-Project Glpi
CVE-2022-35914poc Modified for GLPI Offsec Lab: calluserfun...
ROS-20240812-02
A vulnerability in the GLPI plugin that allows the creation of custom Formcreator forms is related to the the use of FULLFORM for rendering. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary javascript code...
ROS-20240812-13
A vulnerability in GLPI's asset and data center management software involves server-side request forgery. Exploitation of the vulnerability could allow an attacker acting remotely to perform an SSRF-based attack using the creation of an arbitrary object. remotely to execute an SSRF-based attack...