Alexandre Delaunay

4 exploits, active since Jul 2019
CVE-2019-13239 MEDIUM
GLPI < 9.4.3 - XSS
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
CVSS 6.1
CVE-2022-21719 MEDIUM
GLPI < 9.5.7 - XSS
GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.
CVSS 6.1
CVE-2022-31068 MEDIUM
GLPI < 10.0.2 - Info Disclosure
GLPI is a free asset and IT management software package that provides data center management, ITIL service desk, license tracking and software auditing. In affected versions, all GLPI instances that use the native inventory may leak sensitive information. The feature to get refused files is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade.
CVSS 5.3
CVE-2022-31143 MEDIUM
GLPI < 10.0.3 - Info Disclosure
GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. In affected versions, private information defined in the GLPI setup (such as SMTP or CAS hosts) is exposed. Note that passwords are not exposed. Users are advised to upgrade to version 10.0.3. There are no known workarounds for this issue.
CVSS 5.3