37 matches found
GLPI Inventory Plugin SQL注入漏洞
GLPI Inventory Plugin is an open-source plugin developed by French company GLPI. It is used to process various types of tasks for the GLPI agent. Versions of the GLPI Inventory Plugin prior to 1.6.6 contained a SQL injection vulnerability, which stems from improper handling of user input,...
CVE-2026-26001
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
CVE-2026-26001
CVE-2026-26001 affects the GLPI Inventory Plugin. The vulnerability is an SQL injection in the dropdown_calendar report, caused by non-sanitized user input prior to version 1.6.6. The issue allows an attacker with adequate rights to influence the database query (impacting confidentiality; integri...
CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
Exploit for SQL Injection in Glpi-Project Glpi
CVE-2025-66417 PoC /\...
CVE-2026-25590
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
CVE-2026-25590
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
CVE-2026-25590
CVE-2026-25590 in the GLPI Inventory Plugin has a reflected XSS vulnerability in task jobs present before version 1.6.6 . The issue allows an attacker to exploit inputs reflected in responses, resulting in confidentiality impact: HIGH while integrity and availability remain unaffected. Exploitati...
CVE-2026-25590 GLPI Inventory Plugin has Reflected XSS in task jobs
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
CVE-2026-25590 GLPI Inventory Plugin has Reflected XSS in task jobs
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
CVE-2025-32786
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...
CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...
CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...
CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...
GLPI Inventory Plugin SQL注入漏洞
GLPI Inventory Plugin is an open source plugin for GLPI France. It is used to handle various types of tasks for GLPI agents. A SQL injection vulnerability exists in GLPI Inventory Plugin 1.5.0 and prior versions, which stems from user input that is not adequately validated and escaped, and could...
EUVD-2025-6436
Malicious code in bioql PyPI...
EUVD-2025-14843
Malicious code in bioql PyPI...
The vulnerability of the software deployment plugin and the GLPI Inventory network is related to incorrect restrictions on the path to the restricted-access catalog, allowing attackers to gain access to protected information.
The vulnerability of the software deployment and GLPI Inventory network component relates to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain access to protected information...