Glpi Security Vulnerabilities and Issues — Glpi CVE List

Lucene search

Glpi-projectGlpi

9 matches found

CVE•added 2025/03/18 7:15 p.m.•137 views

CVE-2025-24799

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

7.5CVSS7.9AI score0.60282EPSS

CVE•added 2025/02/25 6:15 p.m.•94 views

CVE-2025-23046

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth auth...

7.5CVSS7.2AI score0.00054EPSS

CVE•added 2025/02/25 4:15 p.m.•73 views

CVE-2025-21626

GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the status.php endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the status.php...

6.5CVSS5.7AI score0.00068EPSS

CVE•added 2025/03/18 7:15 p.m.•70 views

CVE-2025-24801

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.

8.5CVSS8.4AI score0.00018EPSS

CVE•added 2025/02/25 4:15 p.m.•66 views

CVE-2025-21627

GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains...

6.5CVSS6.4AI score0.00036EPSS

CVE•added 2025/02/25 4:15 p.m.•65 views

CVE-2025-23024

GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file.

6.9CVSS7.1AI score0.00043EPSS

CVE•added 2025/02/25 6:15 p.m.•61 views

CVE-2025-25192

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file.

6.5CVSS6.7AI score0.0006EPSS

CVE•added 2025/02/25 4:15 p.m.•60 views

CVE-2024-11955

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclo...

6.1CVSS7.1AI score0.00071EPSS

CVE•added 2025/03/18 7:15 p.m.•59 views

CVE-2025-21619

GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.

8.2CVSS7.3AI score0.00056EPSS