Lucene search
K

60 matches found

Cvelist
Cvelist
added 2024/12/26 9:41 p.m.18 views

CVE-2024-53850 The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...

8.2CVSS0.00502EPSS
Exploits0References2
OSV
OSV
added 2024/12/26 9:27 p.m.13 views

CVE-2024-45600 Fields GLPI plugin has an Authenticated SQL Injection

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...

7.7CVSS7.6AI score0.0047EPSS
Exploits0References4
CVE
CVE
added 2024/12/26 9:27 p.m.72 views

CVE-2024-45600

Fields GLPI plugin (Fields) for GLPI: prior to v1.21.13, an authenticated user can perform an SQL injection when the plugin is active; fixed in v1.21.13. Documents also note exploitation could allow arbitrary SQL execution in some sources; recommended remediation is to upgrade to 1.21.13 or disab...

7.7CVSS7.4AI score0.0047EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/26 9:27 p.m.42 views

CVE-2024-45600 Fields GLPI plugin has an Authenticated SQL Injection

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...

7.7CVSS0.0047EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/26 9:27 p.m.7 views

CVE-2024-45600 Fields GLPI plugin has an Authenticated SQL Injection

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...

7.7CVSS7.4AI score0.0047EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/26 12:0 a.m.2 views

Fields GLPI plugin SQL注入漏洞

Fields GLPI plugin is an open source plugin for GLPI Project Plugins. A SQL injection vulnerability exists in Fields GLPI plugin version 1.21.12 and earlier, which stems from the presence of a SQL injection vulnerability that allows an authenticated user to perform SQL injection while the plugin ...

7.7CVSS7.5AI score0.0047EPSS
Exploits0References2
Redos
Redos
added 2024/08/12 12:0 a.m.24 views

ROS-20240812-02

A vulnerability in the GLPI plugin that allows the creation of custom Formcreator forms is related to the the use of FULLFORM for rendering. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary javascript code...

6.1CVSS7.7AI score0.00551EPSS
Exploits1
Cvelist
Cvelist
added 2023/05/31 5:56 p.m.33 views

CVE-2023-33971 Formcreator vulnerable to stored XSS from ##FULLFORM##

Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of FULLFORM for rendering. This could result in...

6.1CVSS6.5AI score0.00551EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/05/31 5:56 p.m.10 views

CVE-2023-33971 Formcreator vulnerable to stored XSS from ##FULLFORM##

Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of FULLFORM for rendering. This could result in...

6.1CVSS6.7AI score0.00551EPSS
Exploits1References1
NVD
NVD
added 2023/04/05 6:15 p.m.26 views

CVE-2023-29006

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

8.8CVSS8.7AI score0.00857EPSS
Exploits0References2
Prion
Prion
added 2023/04/05 6:15 p.m.18 views

Design/Logic Flaw

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

6.5CVSS8.6AI score0.00857EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/05 5:53 p.m.21 views

CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

8.8CVSS8.4AI score0.00857EPSS
Exploits0References4
CVE
CVE
added 2023/04/05 5:53 p.m.40 views

CVE-2023-29006

CVE-2023-29006 affects the Order GLPI plugin. Versions 1.8.0 up to, but not including, 2.7.7 and 2.10.1 allow an authenticated user with access to the standard interface to craft a URL that can execute a system command. Patches exist in 2.7.7 and 2.10.1. A manual workaround is to delete the plugi...

8.8CVSS8.7AI score0.00857EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/05 5:53 p.m.16 views

CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

8.8CVSS8.7AI score0.00857EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/05 5:48 p.m.8 views

CVE-2023-28855 Fields GLPI plugin vulnerable to unauthorized write access to additional fields

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...

6.5CVSS6.7AI score0.00611EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.4 views

GLPI 代码问题漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

8.8CVSS8.2AI score0.00857EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/22 12:0 a.m.5 views

PT-2022-10890 · Glpi · Sccm Plugin For Glpi

Name of the Vulnerable Software and Affected Versions: SCCM plugin for GLPI versions prior to 2.3.0 Description: The SCCM plugin for GLPI has an issue where the Configuration page is publicly accessible in read-only mode in versions prior to 2.3.0. This issue is patched in version 2.3.0...

5.3CVSS5.1AI score0.00469EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/06/27 8:30 p.m.4 views

CVE-2022-31082 SQL Injection via package deployment tasks in glpi-inventory-plugin

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks...

5.8CVSS7AI score0.00942EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/08/30 12:0 a.m.11 views

Fedora Update for glpi-pdf FEDORA-2012-10661

Check for the Version of glpi-pdf OpenVAS Vulnerability Test Fedora Update for glpi-pdf FEDORA-2012-10661 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.4AI score
Exploits0References2
Fedora
Fedora
added 2011/08/12 10:59 a.m.22 views

[SECURITY] Fedora 14 Update: glpi-pdf-0.7.2-1.fc14

This GLPI plugin enables you to print, in pdf format, the information sheet of an equipment or a software of the inventory...

5CVSS2.3AI score0.0285EPSS
Exploits0
Rows per page
Query Builder