60 matches found
CVE-2024-53850 The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation
The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...
CVE-2024-45600 Fields GLPI plugin has an Authenticated SQL Injection
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...
CVE-2024-45600
Fields GLPI plugin (Fields) for GLPI: prior to v1.21.13, an authenticated user can perform an SQL injection when the plugin is active; fixed in v1.21.13. Documents also note exploitation could allow arbitrary SQL execution in some sources; recommended remediation is to upgrade to 1.21.13 or disab...
CVE-2024-45600 Fields GLPI plugin has an Authenticated SQL Injection
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...
CVE-2024-45600 Fields GLPI plugin has an Authenticated SQL Injection
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...
Fields GLPI plugin SQL注入漏洞
Fields GLPI plugin is an open source plugin for GLPI Project Plugins. A SQL injection vulnerability exists in Fields GLPI plugin version 1.21.12 and earlier, which stems from the presence of a SQL injection vulnerability that allows an authenticated user to perform SQL injection while the plugin ...
ROS-20240812-02
A vulnerability in the GLPI plugin that allows the creation of custom Formcreator forms is related to the the use of FULLFORM for rendering. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary javascript code...
CVE-2023-33971 Formcreator vulnerable to stored XSS from ##FULLFORM##
Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of FULLFORM for rendering. This could result in...
CVE-2023-33971 Formcreator vulnerable to stored XSS from ##FULLFORM##
Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of FULLFORM for rendering. This could result in...
CVE-2023-29006
The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...
Design/Logic Flaw
The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...
CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user
The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...
CVE-2023-29006
CVE-2023-29006 affects the Order GLPI plugin. Versions 1.8.0 up to, but not including, 2.7.7 and 2.10.1 allow an authenticated user with access to the standard interface to craft a URL that can execute a system command. Patches exist in 2.7.7 and 2.10.1. A manual workaround is to delete the plugi...
CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user
The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...
CVE-2023-28855 Fields GLPI plugin vulnerable to unauthorized write access to additional fields
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...
GLPI 代码问题漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
PT-2022-10890 · Glpi · Sccm Plugin For Glpi
Name of the Vulnerable Software and Affected Versions: SCCM plugin for GLPI versions prior to 2.3.0 Description: The SCCM plugin for GLPI has an issue where the Configuration page is publicly accessible in read-only mode in versions prior to 2.3.0. This issue is patched in version 2.3.0...
CVE-2022-31082 SQL Injection via package deployment tasks in glpi-inventory-plugin
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks...
Fedora Update for glpi-pdf FEDORA-2012-10661
Check for the Version of glpi-pdf OpenVAS Vulnerability Test Fedora Update for glpi-pdf FEDORA-2012-10661 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 14 Update: glpi-pdf-0.7.2-1.fc14
This GLPI plugin enables you to print, in pdf format, the information sheet of an equipment or a software of the inventory...