Lucene search

157 matches found

added 2022/11/03 4:15 p.m. | 39 views

CVE-2022-39373

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An administrator may store malicious code in an entity name. This issue has been patched, please upgrade to v...

4.9 CVSS | 5.2 AI score | 0.00071 EPSS

added 2023/07/05 9:15 p.m. | 38 views

CVE-2023-35940

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to access dashboard data. Version 10.0.8 contains a patch for this issue.

7.5 CVSS | 7.5 AI score | 0.00272 EPSS

added 2021/09/15 4:15 p.m. | 37 views

CVE-2021-39209

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...

8.8 CVSS | 8.7 AI score | 0.00137 EPSS

added 2023/04/05 6:15 p.m. | 37 views

CVE-2023-28852

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may tamper with the dashboard form to store malicious code that will be executed when other users use the related dashboard. Versions...

4.8 CVSS | 5 AI score | 0.00403 EPSS

added 2015/10/05 2:59 p.m. | 33 views

CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.

4 CVSS | 6.4 AI score | 0.00146 EPSS

added 2023/11/02 2:15 p.m. | 32 views

CVE-2023-42802

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP ...

10 CVSS | 9.7 AI score | 0.03012 EPSS

added 2023/12/13 7:15 p.m. | 32 views

CVE-2023-46726

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.

9.8 CVSS | 8.8 AI score | 0.00126 EPSS

Total number of security vulnerabilities: 157