glpi-project
218 tracked vulnerabilities.
CVE-2023-34107
MEDIUM
GLPI 9.2.0-10.0.7 - Authenticated Incorrect Access Control in KnowbaseItems
Jul 05, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-34106
MEDIUM
GLPI <10.0.8 - Privilege Escalation
Jul 05, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-34254
HIGH
glpi_agent < 1.5 - Authenticated OS Command Injection via Remote Inventory SSH Task
Jun 23, 2023
CVSS 7.6
EPSS 0.01
CVE-2023-29006
HIGH
GLPI Order GLPI <2.7.7-2.10.1 - Command Injection
Apr 05, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-28852
MEDIUM
GLPI 9.5.0-9.5.12 - Authenticated Stored Cross-Site Scripting via Dashboard Form
Apr 05, 2023
CVSS 4.8
EPSS 0.01
CVE-2023-28849
CRITICAL
GLPI 10.0.0-10.0.7 - Unauthenticated SQL Injection and Stored Cross-Site Scripting via Inventory Endpoint
Apr 05, 2023
CVSS 10.0
EPSS 0.00
CVE-2023-28838
CRITICAL
GLPI <9.5.13-10.0.7 - SQL Injection
Apr 05, 2023
CVSS 9.6
EPSS 0.01
CVE-2023-28639
MEDIUM
GLPI <9.5.13,10.0.7 - Reflected XSS
Apr 05, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-28636
MEDIUM
GLPI 0.60-9.5.12 - Authenticated Stored Cross-Site Scripting via External Link
Apr 05, 2023
CVSS 4.5
EPSS 0.01
CVE-2023-28634
HIGH
GLPI <9.5.13, <10.0.7 - Privilege Escalation
Apr 05, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-28633
LOW
GLPI 0.84-9.5.12 - Server-Side Request Forgery via RSS Feed Autodiscovery
Apr 05, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-28632
HIGH
GLPI <9.5.13, <10.0.7 - Privilege Escalation
Apr 05, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-23610
MEDIUM
GLPI < 9.5.12 - Improper Privilege Management via Data Export
Jan 26, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22725
MEDIUM
GLPI 0.60-9.5.12 - Stored Cross-Site Scripting via External Link
Jan 26, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-22724
MEDIUM
GLPI 10.0.0-10.0.5 - Stored Cross-Site Scripting via RSS Feed Import
Jan 26, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-22722
MEDIUM
GLPI 9.4.0-9.5.12 - Cross-Site Scripting via URL Payload
Jan 26, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-22500
HIGH
GLPI 10.0.0-10.0.5 - Unauthenticated Inventory File Access via FAQ
Jan 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-34128
CRITICAL
GLPI Cartography Plugin <6.0.1 - Remote Code Execution via front/upload.php
Apr 16, 2023
CVSS 9.8
EPSS 0.08
CVE-2022-34127
HIGH
Managentities <4.0.2 - Path Traversal
Apr 16, 2023
CVSS 7.5
EPSS 0.07
CVE-2022-34126
HIGH
GLPI Activity plugin < 3.1.1 - Path Traversal via front/cra.send.php File Parameter
Apr 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-34125
MEDIUM
GLPI CMDB < 3.0.3 - Unauthenticated Sensitive Information Exposure via File Parameter
Apr 16, 2023
CVSS 6.5
EPSS 0.05
CVE-2022-41941
MEDIUM
GLPI 10.0.0-10.0.5 - Stored Cross-Site Scripting in Help Links
Jan 26, 2023
CVSS 6.2
EPSS 0.01
CVE-2022-39181
MEDIUM
GLPI Reports Plugin - Reflected Cross-Site Scripting
Nov 17, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-39376
LOW
GLPI 0.65-10.0.3 - Improper Input Validation in Mailto Link Custom Fields
Nov 03, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-39375
MEDIUM
GLPI >=0.84 <10.0.4 - Stored Cross-Site Scripting via Public RSS Feed
Nov 03, 2022
CVSS 4.5
EPSS 0.00