21 matches found
CVE-2024-41679
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...
EUVD-2020-16390
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-41679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.1...
CVE-2024-41679
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...
UBUNTU-CVE-2024-41679
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...
CVE-2024-41679 Authenticated SQL injection in ticket form
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...
CVE-2024-41679 Authenticated SQL injection in ticket form
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...
CVE-2024-41679
GLPI (asset/IT management software) is affected by CVE-2024-41679: an authenticated user can exploit a SQL injection vulnerability via the ticket form. Remediation recommended by multiple sources is to upgrade to GLPI 10.0.19 or later (10.0.19+); the initial description also mentions upgrading to...
PT-2024-10112 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a SQL injection vulnerability in the ticket form of GLPI, a free asset and IT management software package. An authenticated user can exploit this vulnerability, potentially...
UBUNTU-CVE-2023-42461
GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...
PT-2023-6847 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the use of the ITIL actors input field from the ticket form, which can be exploited to perform a SQL injection. This allows a remote attacker to potentially capture an...
PT-2023-11652 · Unknown · Boxbilling
Name of the Vulnerable Software and Affected Versions: BoxBilling versions 4.19 through 4.21 Description: A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the message field on the submit new ticket form. This enables attackers to execute malicious scripts,...
CVE-2020-23647
CVE-2020-23647 is a documented XSS vulnerability affecting BoxBilling versions 4.19, 4.19.1, 4.20, and 4.21. The issue arises from the message field on the “submit new ticket” form, allowing remote attackers to execute arbitrary code in some contexts. The available connected sources consistently ...
WordPress SupportFlow Plugin <= 0.6 - Stored Cross-Site Scripting (XSS)
This plugin is prone to a stored XSS vulnerability, because the subject is not escaped before being used in the value attribute of the subject input element in the admin-side ticket form. Solution Update the plugin...
Ian Dunn: Stored XSS in SupportFlow Ticket Subject
SupportFlow contains an XSS vulnerability in how it handles ticket subjects in the admin-side ticket form, because the subject is not escaped before being used in the value attribute of the subject input element. This first requires wptexturize to be disabled (not that uncommon): add_filter...
milb.com XSS vulnerability
Vulnerable URL: http://www.milb.com/tickets/form.jsp?formid=email=%22%3E%3Cimg%20src=x%20onerror=prompt%28/OPENBUGBOUNTY/%29%3E=t446=team1 Details: Patched: No | Latest check for patch: 27.07.2017 | Vulnerability type: XSS | Vulnerability status: Publicly disclosed | Alexa...
Fedora 23 : glpi-0.90.3-1.fc23 (2016-a099d11840)
Version 0.90.3: security update to prevent a minor vulnerability; fix issues with post-only ticket form. See changelog for more details. Version 0.90.2: includes bugfixes and some minor features: an alert in central page when some of your mysql tables are marked as crashed; a better flexibility i...
Fedora 22 : glpi-0.90.3-1.fc22 (2016-657a4a658e)
Version 0.90.3: security update to prevent a minor vulnerability; fix issues with post-only ticket form. See changelog for more details. Version 0.90.2: includes bugfixes and some minor features: an alert in central page when some of your mysql tables are marked as crashed; a better flexibility i...
Fedora 24 : glpi-0.90.3-1.fc24 (2016-9db4add326)
Version 0.90.3: security update to prevent a minor vulnerability; fix issues with post-only ticket form. See changelog for more details. Version 0.90.2: includes bugfixes and some minor features: an alert in central page when some of your mysql tables are marked as crashed; a better flexibility i...
UBUNTU-CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...