64 matches found
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
Teclib GLPI <= 9.3.3 exposes a script, /scripts/unlocktasks.php, that incorrectly sanitizes user-controlled data before using it in SQL queries. An attacker could thus abuse the affected feature to alter the semantics of the original SQL query and retrieve database records. id: CVE-2019-10232 info: name:...
CVE-2019-12723
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. It allows SQL Injection via the containerid and oldorder parameters to ajax/reorder.php by an unauthenticated user...
CVE-2019-12724
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter...
CVE-2025-53360 pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3...
PT-2025-47334
Name of the Vulnerable Software and Affected Versions: pluginsGLPI Database Inventory Plugin versions prior to 1.0.3. Description: The Database Inventory Plugin for pluginsGLPI manages Teclib' inventory agents to inventory databases on workstations. Prior to version 1.0.3, any authenticated user cou...
EUVD-2019-2242
Malware in sbrugna...
EUVD-2019-2244
Malware in sbrugna...
EUVD-2019-4315
Malware in sbrugna...
EUVD-2019-4314
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. CVE-2019-10233 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2019-10231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword...
CVE-2019-10231
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword inc/auth.class.php...
CVE-2019-10232
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlocktasks.php...
teclib-edition.com Cross Site Scripting vulnerability OBB-3311489
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution...
Teclib GLPI Remote Code Execution Vulnerability
Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed...
Teclib GLPI SQL Injection Vulnerability (CNVD-2020-44905)
Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A SQL injection vulnerability exists in Teclib GLPI versions prior to 9.5.1...
Teclib GLPI Cross-Site Scripting Vulnerability (CNVD-2020-29626)
Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A cross-site scripting vulnerability exists in Teclib GLPI. The vulnerabilit...