glpi-project

218 tracked vulnerabilities.

CVE-2024-27937 MEDIUM
GLPI 10.0.0-10.0.12 - Authenticated Email Address Disclosure
Mar 18, 2024
CVSS 6.5
EPSS 0.27
CVE-2024-27930 MEDIUM
GLPI 0.78-10.0.12 - Authenticated Sensitive Data Exposure via Item Field Access
Mar 18, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-27756 HIGH
GLPI < 10.0.12 - CSV Injection via Asset Title
Mar 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-23645 MEDIUM
GLPI 0.65-10.0.11 - Cross-Site Scripting via Reports Page URL
Feb 01, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-53943 MEDIUM
GLPI 9.5.7 - Username Enumeration via Lost Password Endpoint
Dec 18, 2025
CVSS 5.3
EPSS 0.00
CVE-2023-51446 MEDIUM
GLPI 0.70-10.0.11 - LDAP Injection via Authentication Form
Feb 01, 2024
CVSS 5.9
EPSS 0.01
CVE-2023-46727 HIGH
GLPI 10.0.0-10.0.10 - SQL Injection via Inventory Endpoint
Dec 13, 2023
CVSS 8.6
EPSS 0.67
CVE-2023-46726 HIGH
GLPI 10.0.0-10.0.10 - Remote Code Execution via LDAP Server Configuration Form
Dec 13, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-43813 MEDIUM
GLPI 10.0.0-10.0.10 - SQL Injection via Saved Search Feature
Dec 13, 2023
CVSS 6.5
EPSS 0.31
CVE-2023-42802 CRITICAL
GLPI 10.0.7-10.0.9 - Unrestricted Upload of File with Dangerous Type via Unverified Object Instantiation
Nov 02, 2023
CVSS 10.0
EPSS 0.01
CVE-2023-42462 HIGH
GLPI 10.0.0-10.0.9 - Path Traversal and Arbitrary File Deletion via Document Upload Process
Sep 27, 2023
CVSS 7.7
EPSS 0.01
CVE-2023-42461 MEDIUM
GLPI 10.0.0-10.0.9 - SQL Injection via ITIL Actors Input Field
Sep 27, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-41888 MEDIUM
GLPI 10.0.8-10.0.9 - Path Traversal via Login Page URL
Sep 27, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-41326 HIGH
GLPI <10.0.10 - Privilege Escalation
Sep 27, 2023
CVSS 8.1
EPSS 0.31
CVE-2023-41324 HIGH
GLPI 9.3.0-10.0.9 - Unauthorized Account Access via User Resource API
Sep 27, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-41323 MEDIUM
GLPI >= 0.68 < 10.0.10 - Unauthenticated User Login Enumeration
Sep 27, 2023
CVSS 5.3
EPSS 0.34
CVE-2023-41322 MEDIUM
GLPI <10.0.10 - Privilege Escalation
Sep 27, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-41321 MEDIUM
GLPI 9.1.1-10.0.9 - Exposure of Sensitive Information via API Resource Enumeration
Sep 27, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-41320 HIGH
GLPI 10.0.0-10.0.9 - SQL Injection via UI Layout Preferences
Sep 27, 2023
CVSS 8.1
EPSS 0.32
CVE-2023-37278 MEDIUM
GLPI < 10.0.9 - Authenticated SQL Injection via Dashboards Administration
Jul 13, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-36808 HIGH
GLPI 0.80-10.0.7 - SQL Injection via Computer Virtual Machine Form and Inventory Request
Jul 05, 2023
CVSS 8.6
EPSS 0.48
CVE-2023-35940 HIGH
GLPI 9.5.0-10.0.8 - Unauthenticated Dashboard Data Access via Incorrect Rights Check
Jul 05, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-35939 HIGH
GLPI <10.0.8 - Privilege Escalation
Jul 05, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-35924 HIGH
GLPI 10.0.0-10.0.8 - Unauthenticated SQL Injection via Inventory Endpoint
Jul 05, 2023
CVSS 8.6
EPSS 0.52
CVE-2023-34244 MEDIUM
GLPI 9.4.0-10.0.8 - Reflected Cross-Site Scripting via Crafted Link
Jul 05, 2023
CVSS 6.5
EPSS 0.01