269 matches found
EUVD-2024-36465
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...
CVE-2024-37147
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...
CVE-2024-27098
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...
CVE-2024-27104
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...
CVE-2024-27914
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...
CVE-2024-27096
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...
CVE-2024-27098
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...
CVE-2024-27914
CVE-2024-27914 affects GLPI (Asset and IT Management Software). The vulnerability is a reflected XSS that can be triggered when an unauthenticated user entices a GLPI administrator with a malicious link and the administrator navigates through the debug bar. The issue is explicitly described as en...
CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...
CVE-2024-27104 Stored XSS in dashboards in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...
CVE-2024-27937
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13...
CVE-2024-27937
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13...
CVE-2024-27930
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13...
CVE-2024-27098 Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...
CVE-2024-27098
CVE-2024-27098 concerns GLPI, a Free Asset and IT Management Software. An authenticated user can perform a server-side request forgery (SSRF) via Arbitrary Object Instantiation. The issue affects GLPI prior to the patched version and is mitigated by upgrading to version 10.0.13 or newer. The conn...
CVE-2024-27096 SQL Injection in through the search engine
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...
CVE-2024-27096 SQL Injection in through the search engine
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...
CVE-2024-27930 Sensitive fields access through dropdowns in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13...
CVE-2024-27937
GLPI (Asset/IT Management software) is affected by CVE-2024-27937 where an authenticated user can obtain the email addresses of all GLPI users. Root cause details across connected docs include: a patch exists in GLPI 10.0.13 (NVD/Red Hat/OSV notes), while another advisory notes that versions prio...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the use of a field in the ITIL form for submitting requests, which allows an attacker to obtain the administrator’s account information.
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment lies in the use of a input field for ITIL entities in the request form. Exploiting this vulnerability could allow a malicious actor to gain access to the administrator’s account by sending a...