glpi-project

210 tracked vulnerabilities.

CVE-2023-43813 MEDIUM
GLPI 10.0.0-10.0.10 - SQL Injection via Saved Search Feature
Dec 13, 2023
CVSS 6.5
EPSS 0.11

CVE-2023-42802 CRITICAL
GLPI 10.0.7-10.0.9 - Unrestricted Upload of File with Dangerous Type via Unverified Object Instantiation
Nov 02, 2023
CVSS 10.0
EPSS 0.06

CVE-2023-42462 HIGH
GLPI 10.0.0-10.0.9 - Path Traversal and Arbitrary File Deletion via Document Upload Process
Sep 27, 2023
CVSS 7.7
EPSS 0.01

CVE-2023-42461 MEDIUM
GLPI 10.0.0-10.0.9 - SQL Injection via ITIL Actors Input Field
Sep 27, 2023
CVSS 6.5
EPSS 0.01

CVE-2023-41888 MEDIUM
GLPI 10.0.8-10.0.9 - Path Traversal via Login Page URL
Sep 27, 2023
CVSS 5.3
EPSS 0.00

CVE-2023-41326 HIGH
GLPI <10.0.10 - Privilege Escalation
Sep 27, 2023
CVSS 8.1
EPSS 0.04

CVE-2023-41324 HIGH
GLPI 9.3.0-10.0.9 - Unauthorized Account Access via User Resource API
Sep 27, 2023
CVSS 8.1
EPSS 0.00

CVE-2023-41323 MEDIUM
GLPI >= 0.68 < 10.0.10 - Unauthenticated User Login Enumeration
Sep 27, 2023
CVSS 5.3
EPSS 0.06

CVE-2023-41322 MEDIUM
GLPI <10.0.10 - Privilege Escalation
Sep 27, 2023
CVSS 4.9
EPSS 0.00

CVE-2023-41321 MEDIUM
GLPI 9.1.1-10.0.9 - Exposure of Sensitive Information via API Resource Enumeration
Sep 27, 2023
CVSS 4.9
EPSS 0.00

CVE-2023-41320 HIGH
GLPI 10.0.0-10.0.9 - SQL Injection via UI Layout Preferences
Sep 27, 2023
CVSS 8.1
EPSS 0.09

CVE-2023-37278 MEDIUM
GLPI < 10.0.9 - Authenticated SQL Injection via Dashboards Administration
Jul 13, 2023
CVSS 6.8
EPSS 0.00

CVE-2023-36808 HIGH
GLPI 0.80-10.0.7 - SQL Injection via Computer Virtual Machine Form and Inventory Request
Jul 05, 2023
CVSS 8.6
EPSS 0.16

CVE-2023-35940 HIGH
GLPI 9.5.0-10.0.8 - Unauthenticated Dashboard Data Access via Incorrect Rights Check
Jul 05, 2023
CVSS 7.5
EPSS 0.01

CVE-2023-35939 HIGH
GLPI <10.0.8 - Privilege Escalation
Jul 05, 2023
CVSS 8.1
EPSS 0.00

CVE-2023-35924 HIGH
GLPI 10.0.0-10.0.8 - Unauthenticated SQL Injection via Inventory Endpoint
Jul 05, 2023
CVSS 8.6
EPSS 0.18

CVE-2023-34244 MEDIUM
GLPI 9.4.0-10.0.8 - Reflected Cross-Site Scripting via Crafted Link
Jul 05, 2023
CVSS 6.5
EPSS 0.01

CVE-2023-34107 MEDIUM
GLPI 9.2.0-10.0.7 - Authenticated Incorrect Access Control in KnowbaseItems
Jul 05, 2023
CVSS 6.5
EPSS 0.00

CVE-2023-34106 MEDIUM
GLPI <10.0.8 - Privilege Escalation
Jul 05, 2023
CVSS 6.5
EPSS 0.00

CVE-2023-34254 HIGH
glpi_agent < 1.5 - Authenticated OS Command Injection via Remote Inventory SSH Task
Jun 23, 2023
CVSS 7.6
EPSS 0.00

CVE-2023-29006 HIGH
GLPI Order GLPI <2.7.7-2.10.1 - Command Injection
Apr 05, 2023
CVSS 8.8
EPSS 0.02

CVE-2023-28852 MEDIUM
GLPI 9.5.0-9.5.12 - Authenticated Stored Cross-Site Scripting via Dashboard Form
Apr 05, 2023
CVSS 4.8
EPSS 0.01

CVE-2023-28849 CRITICAL
GLPI 10.0.0-10.0.7 - Unauthenticated SQL Injection and Stored Cross-Site Scripting via Inventory Endpoint
Apr 05, 2023
CVSS 10.0
EPSS 0.01

CVE-2023-28838 CRITICAL
GLPI <9.5.13-10.0.7 - SQL Injection
Apr 05, 2023
CVSS 9.6
EPSS 0.01

CVE-2023-28639 MEDIUM
GLPI <9.5.13,10.0.7 - Reflected XSS
Apr 05, 2023
CVSS 6.1
EPSS 0.03