glpi-project

218 tracked vulnerabilities.

CVE-2023-34107 MEDIUM
GLPI 9.2.0-10.0.7 - Authenticated Incorrect Access Control in KnowbaseItems
Jul 05, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-34106 MEDIUM
GLPI <10.0.8 - Privilege Escalation
Jul 05, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-34254 HIGH
glpi_agent < 1.5 - Authenticated OS Command Injection via Remote Inventory SSH Task
Jun 23, 2023
CVSS 7.6
EPSS 0.01
CVE-2023-29006 HIGH
GLPI Order GLPI <2.7.7-2.10.1 - Command Injection
Apr 05, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-28852 MEDIUM
GLPI 9.5.0-9.5.12 - Authenticated Stored Cross-Site Scripting via Dashboard Form
Apr 05, 2023
CVSS 4.8
EPSS 0.01
CVE-2023-28849 CRITICAL
GLPI 10.0.0-10.0.7 - Unauthenticated SQL Injection and Stored Cross-Site Scripting via Inventory Endpoint
Apr 05, 2023
CVSS 10.0
EPSS 0.00
CVE-2023-28838 CRITICAL
GLPI <9.5.13-10.0.7 - SQL Injection
Apr 05, 2023
CVSS 9.6
EPSS 0.01
CVE-2023-28639 MEDIUM
GLPI <9.5.13,10.0.7 - Reflected XSS
Apr 05, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-28636 MEDIUM
GLPI 0.60-9.5.12 - Authenticated Stored Cross-Site Scripting via External Link
Apr 05, 2023
CVSS 4.5
EPSS 0.01
CVE-2023-28634 HIGH
GLPI <9.5.13, <10.0.7 - Privilege Escalation
Apr 05, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-28633 LOW
GLPI 0.84-9.5.12 - Server-Side Request Forgery via RSS Feed Autodiscovery
Apr 05, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-28632 HIGH
GLPI <9.5.13, <10.0.7 - Privilege Escalation
Apr 05, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-23610 MEDIUM
GLPI < 9.5.12 - Improper Privilege Management via Data Export
Jan 26, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22725 MEDIUM
GLPI 0.60-9.5.12 - Stored Cross-Site Scripting via External Link
Jan 26, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-22724 MEDIUM
GLPI 10.0.0-10.0.5 - Stored Cross-Site Scripting via RSS Feed Import
Jan 26, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-22722 MEDIUM
GLPI 9.4.0-9.5.12 - Cross-Site Scripting via URL Payload
Jan 26, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-22500 HIGH
GLPI 10.0.0-10.0.5 - Unauthenticated Inventory File Access via FAQ
Jan 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-34128 CRITICAL
GLPI Cartography Plugin <6.0.1 - Remote Code Execution via front/upload.php
Apr 16, 2023
CVSS 9.8
EPSS 0.08
CVE-2022-34127 HIGH
Managentities <4.0.2 - Path Traversal
Apr 16, 2023
CVSS 7.5
EPSS 0.07
CVE-2022-34126 HIGH
GLPI Activity plugin < 3.1.1 - Path Traversal via front/cra.send.php File Parameter
Apr 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-34125 MEDIUM
GLPI CMDB < 3.0.3 - Unauthenticated Sensitive Information Exposure via File Parameter
Apr 16, 2023
CVSS 6.5
EPSS 0.05
CVE-2022-41941 MEDIUM
GLPI 10.0.0-10.0.5 - Stored Cross-Site Scripting in Help Links
Jan 26, 2023
CVSS 6.2
EPSS 0.01
CVE-2022-39181 MEDIUM
GLPI Reports Plugin - Reflected Cross-Site Scripting
Nov 17, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-39376 LOW
GLPI 0.65-10.0.3 - Improper Input Validation in Mailto Link Custom Fields
Nov 03, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-39375 MEDIUM
GLPI >=0.84 <10.0.4 - Stored Cross-Site Scripting via Public RSS Feed
Nov 03, 2022
CVSS 4.5
EPSS 0.00