Glpi@* Security Vulnerabilities and Issues — Glpi@* CVE List

Lucene search

Glpi-projectGlpi*

4 matches found

CVE•added 2015/04/14 6:59 p.m.•46 views

CVE-2014-5032

GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.

5CVSS6.1AI score0.00388EPSS

CVE•added 2015/04/14 6:59 p.m.•41 views

CVE-2014-8360

Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.

7.5CVSS7.2AI score0.00982EPSS

CVE•added 2015/10/05 2:59 p.m.•41 views

CVE-2015-7684

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/.

9CVSS7.6AI score0.01223EPSS

CVE•added 2015/10/05 2:59 p.m.•33 views

CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.

4CVSS6.4AI score0.00146EPSS