Glpi@9.2.0 Security Vulnerabilities and Issues — Glpi@9.2.0 CVE List

Lucene search

Glpi-projectGlpi9.2.0

4 matches found

CVE•added 2023/07/05 8:15 p.m.•127 views

CVE-2023-34107

GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue.

6.5CVSS6.4AI score0.00177EPSS

CVE•added 2024/11/15 10:15 p.m.•89 views

CVE-2024-38370

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16.

7.5CVSS5.2AI score0.00158EPSS

CVE•added 2024/11/15 6:15 p.m.•47 views

CVE-2024-47759

GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document contents. Upgrade to 10.0.17.

6.7CVSS6.9AI score0.00204EPSS

CVE•added 2018/07/02 11:29 a.m.•43 views

CVE-2018-13049

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.

8.8CVSS8.5AI score0.00281EPSS