Lucene search
K

269 matches found

Redos
Redos
added 2023/11/09 12:0 a.m.29 views

ROS-20231109-02

Vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation exploitation of the vulnerability could allow a remote attacker to obtain user logins. GLPI request and incident handling system vulnerability related to the lack of path filtering by...

9.8CVSS7.8AI score0.33874EPSS
Exploits0
NVD
NVD
added 2023/09/27 3:19 p.m.50 views

CVE-2023-42461

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

9.8CVSS7.6AI score0.00899EPSS
Exploits0References1
NVD
NVD
added 2023/09/27 3:19 p.m.33 views

CVE-2023-41322

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take...

8.8CVSS6.4AI score0.00731EPSS
Exploits0References1
NVD
NVD
added 2023/09/27 3:19 p.m.36 views

CVE-2023-41321

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

6.5CVSS5.7AI score0.00738EPSS
Exploits0References1
NVD
NVD
added 2023/09/27 3:19 p.m.16 views

CVE-2023-41323

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There...

5.3CVSS5.3AI score0.33874EPSS
Exploits0References1
Prion
Prion
added 2023/09/27 3:19 p.m.27 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There...

5CVSS6.3AI score0.33874EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/09/27 3:19 p.m.5 views

UBUNTU-CVE-2023-42461

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

9.8CVSS5.9AI score0.00899EPSS
Exploits0References3
OSV
OSV
added 2023/09/27 3:19 p.m.3 views

UBUNTU-CVE-2023-41321

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

6.5CVSS5.8AI score0.00738EPSS
Exploits0References3
Prion
Prion
added 2023/09/27 3:19 p.m.27 views

Sql injection

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

7.5CVSS9.8AI score0.00899EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/27 3:19 p.m.22 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

4CVSS6.4AI score0.00738EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/27 3:19 p.m.31 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version...

6.4CVSS9.2AI score0.01043EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2023/09/27 12:0 a.m.28 views

glpi-project -- SQL injection in ITIL actors in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to...

9.8CVSS7.6AI score0.00899EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/26 10:45 p.m.23 views

CVE-2023-42461 SQL injection in ITIL actors in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

6.5CVSS7.7AI score0.00899EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/26 10:45 p.m.53 views

CVE-2023-42461 SQL injection in ITIL actors in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

6.5CVSS10AI score0.00899EPSS
Exploits0References1
CVE
CVE
added 2023/09/26 10:45 p.m.71 views

CVE-2023-42461

GLPI (Gestionnaire Libre de Parc Informatique) has an SQL injection vulnerability (CVE-2023-42461) in the ticket/search path where the ITIL actor input field in the Ticket form can be exploited. This affects GLPI versions prior to 10.0.13; an authenticated user can abuse the vulnerable query, pot...

9.8CVSS8.4AI score0.00899EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/09/26 10:45 p.m.49 views

CVE-2023-42461 SQL injection in ITIL actors in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

6.5CVSS9.4AI score0.00899EPSS
Exploits0References3
CVE
CVE
added 2023/09/26 10:44 p.m.71 views

CVE-2023-41888

CVE-2023-41888 concerns GLPI (Gestionnaire Libre de Parc Informatique). Multiple connected sources describe vulnerabilities in GLPI prior to fixed versions, including pre-10.13 and pre-10.0.13 lines, with various flaws (SQL injection, SSRF, XSS, unauthorized data access) that could enable informa...

5.4CVSS5.2AI score0.00417EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/26 10:44 p.m.34 views

CVE-2023-41888 Phishing through a login page malicious URL in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page...

5.3CVSS5.7AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/26 10:40 p.m.29 views

CVE-2023-41326 Account takeover via Kanban feature in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...

8.1CVSS8.9AI score0.3095EPSS
Exploits0References1
CVE
CVE
added 2023/09/26 10:37 p.m.2522 views

CVE-2023-41324

GLPI (Gestionnaire Libre de Parc Informatique) vulnerability CVE-2023-41324 is evidenced in connected records as a SQL injection flaw in GLPI’s search functionality. Affected are GLPI versions prior to 10.0.13 (per PT Security entries); authenticated users can exploit the flaw to access or extrac...

8.8CVSS8.2AI score0.00737EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder