Glpi Security Vulnerabilities and Issues — Glpi CVE List

Lucene search

Glpi-projectGlpi

7 matches found

CVE•added 2017/07/28 5:29 a.m.•52 views

CVE-2017-11184

SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.

9.8CVSS9.8AI score0.00266EPSS

CVE•added 2017/07/17 1:18 p.m.•49 views

CVE-2017-11329

GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers.

9.8CVSS9.8AI score0.00288EPSS

CVE•added 2017/07/20 4:29 a.m.•44 views

CVE-2017-11475

GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.

8.8CVSS9.6AI score0.00232EPSS

CVE•added 2017/07/28 5:29 a.m.•42 views

CVE-2017-11183

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.

5.5CVSS5.7AI score0.00414EPSS

CVE•added 2017/07/20 4:29 a.m.•42 views

CVE-2017-11474

GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.

9.8CVSS9.8AI score0.0025EPSS

CVE•added 2017/07/19 1:29 p.m.•34 views

CVE-2016-7509

Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.

5.4CVSS5AI score0.0015EPSS

CVE•added 2017/07/19 1:29 p.m.•33 views

CVE-2016-7507

Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.

8CVSS7.5AI score0.0016EPSS