24 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-45611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...

CVSS 5.7 · AI score 5 · EPSS 0.00393
Exploits 0 · References 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-41679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.1...

CVSS 8.8 · AI score 5.2 · EPSS 0.00688
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 10:48 a.m. · 4 views

CVE-2024-43418

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...

CVSS 6.5 · AI score 6.1 · EPSS 0.01826
Exploits 0

RedhatCVE
added 2025/05/23 8:32 a.m. · 13 views

CVE-2024-50339

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...

CVSS 9.3 · AI score 6.9 · EPSS 0.19755
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 8:6 a.m. · 6 views

CVE-2024-45610

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form...

CVSS 6.5 · AI score 6 · EPSS 0.01514
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:30 a.m. · 6 views

CVE-2024-48912

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...

CVSS 8.1 · AI score 6.7 · EPSS 0.00473
Exploits 0 · References 1

CNVD
added 2025/02/28 12:0 a.m. · 4 views

GLPI Input Validation Error Vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface, you can use it to create a database to fully manage IT computers, monitors, servers, printers, network devices, telephones, and even toner...

CVSS 6.1 · AI score 6.9 · EPSS 0.00242
Exploits 1 · References 1

NVD
added 2025/02/25 4:15 p.m. · 11 views

CVE-2024-11955

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been...

CVSS 6.1 · EPSS 0.00242
Exploits 1 · References 5

Positive Technologies
added 2025/02/12 12:0 a.m. · 3 views

PT-2025-6511 · Glpi · Glpi

Name of the Vulnerable Software and Affected Versions: GLPI versions up to 10.0.17
Description: A vulnerability was found in an unknown functionality of the file /index.php, where the manipulation of the redirect argument leads to open redirect. The attack can be launched remotely.
Recommendation...

CVSS 9.8 · AI score 7.2 · EPSS 0.28839
Exploits 9 · References 77

NVD
added 2024/12/11 5:15 p.m. · 12 views

CVE-2024-48912

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...

CVSS 8.1 · EPSS 0.00473
Exploits 0 · References 2

Cvelist
added 2024/12/11 5:3 p.m. · 19 views

CVE-2024-48912 GLPI vulnerable to authenticated insecure account deletion

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...

CVSS 7.2 · EPSS 0.00473
Exploits 0 · References 2

OSV
added 2024/12/11 5:3 p.m. · 13 views

CVE-2024-48912 GLPI vulnerable to authenticated insecure account deletion

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...

CVSS 7.2 · AI score 4.5 · EPSS 0.00473
Exploits 0 · References 4

CVE
added 2024/12/11 5:3 p.m. · 65 views

CVE-2024-48912

GLPI (Asset and IT Management software) is affected in versions 10.0.0–10.0.16 by CVE-2024-48912, where an authenticated user can delete any user account via an application endpoint due to a missing/insufficient authorization check. A patch was released in 10.0.17, with further advisories listing...

CVSS 8.1 · AI score 6.4 · EPSS 0.00473
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/12/11 5:0 p.m. · 14 views

CVE-2024-47761 GLPI vulnerable to account takeover via the password reset feature

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

CVSS 7.5 · EPSS 0.00372
Exploits 0 · References 2

OSV
added 2024/12/11 5:0 p.m. · 7 views

CVE-2024-47761 GLPI vulnerable to account takeover via the password reset feature

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

CVSS 7.5 · AI score 4.7 · EPSS 0.00372
Exploits 0 · References 4

CVE
added 2024/12/11 4:56 p.m. · 92 views

CVE-2024-47760

GLPI (Asset & IT Management) is affected by CVE-2024-47760: prior to 10.0.17, a technician with API access can elevate privileges and take control of a higher-privileged account. A patch is available in version 10.0.17. Connected sources corroborate version ranges around 9.1.0–10.0.17/10.0.18 and in...

CVSS 8.8 · AI score 6.8 · EPSS 0.00331
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/12/11 4:56 p.m. · 15 views

CVE-2024-47760 GLPI vulnerable to account takeover via API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

CVSS 7.5 · EPSS 0.00331
Exploits 0 · References 2

Vulnrichment
added 2024/12/11 3:50 p.m. · 18 views

CVE-2024-47758 GLPI vulnerable to account takeover without privilege escalation through the API

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...

CVSS 7.6 · AI score 6.6 · EPSS 0.00511
Exploits 0 · References 2

NVD
added 2024/11/18 5:15 p.m. · 16 views

CVE-2024-43416

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue...

CVSS 7.5 · EPSS 0.24448
Exploits 1 · References 2

OSV
added 2024/11/18 5:15 p.m. · 2 views

UBUNTU-CVE-2024-43416

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue...

CVSS 7.5 · AI score 5.8 · EPSS 0.24448
Exploits 1 · References 4