Glpi-project / Glpi

167 matches found

added 2020/09/23 4:15 p.m. | 41 views

CVE-2020-11031

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library ...

CVSS 7.8 | AI score 7.4 | EPSS 0.00055

added 2021/03/02 8:15 p.m. | 41 views

CVE-2021-21258

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed i...

CVSS 6.8 | AI score 5.8 | EPSS 0.00281

added 2024/04/29 6:15 p.m. | 41 views

CVE-2024-31705

An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input.

CVSS 9.8 | AI score 7.8 | EPSS 0.04197

added 2024/11/15 6:15 p.m. | 41 views

CVE-2024-41678

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.

CVSS 6.5 | AI score 6.2 | EPSS 0.00155

added 2019/03/27 5:29 p.m. | 39 views

CVE-2019-10233

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.

CVSS 8.1 | AI score 8 | EPSS 0.00433

added 2019/07/10 2:15 p.m. | 39 views

CVE-2019-13240

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.

CVSS 5.9 | AI score 5.6 | EPSS 0.00544

added 2021/03/08 5:15 p.m. | 39 views

CVE-2021-21326

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fi...

CVSS 7.7 | AI score 6.5 | EPSS 0.00211

added 2022/11/03 4:15 p.m. | 39 views

CVE-2022-39373

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to v...

CVSS 4.9 | AI score 5.2 | EPSS 0.00071

added 2019/07/15 6:15 p.m. | 38 views

CVE-2019-1010307

GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket , 2- Admin opens a...

CVSS 5.4 | AI score 5.4 | EPSS 0.00253

added 2023/07/05 9:15 p.m. | 38 views

CVE-2023-35940

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.

CVSS 7.5 | AI score 7.5 | EPSS 0.00272

added 2021/09/15 4:15 p.m. | 37 views

CVE-2021-39209

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...

CVSS 8.8 | AI score 8.7 | EPSS 0.00137

added 2023/04/05 6:15 p.m. | 37 views

CVE-2023-28852

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions...

CVSS 4.8 | AI score 5 | EPSS 0.00403

added 2017/07/19 1:29 p.m. | 34 views

CVE-2016-7509

Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.

CVSS 5.4 | AI score 5 | EPSS 0.0015

added 2015/10/05 2:59 p.m. | 33 views

CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.

CVSS 4 | AI score 6.4 | EPSS 0.00146

added 2017/07/19 1:29 p.m. | 33 views

CVE-2016-7507

Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.

CVSS 8 | AI score 7.5 | EPSS 0.0016

added 2023/11/02 2:15 p.m. | 32 views

CVE-2023-42802

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP ...

CVSS 10 | AI score 9.7 | EPSS 0.03012

added 2023/12/13 7:15 p.m. | 32 views

CVE-2023-46726

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.

CVSS 9.8 | AI score 8.8 | EPSS 0.00126

Total number of security vulnerabilities: 167