glpi-project
210 tracked vulnerabilities.
CVE-2022-39234
MEDIUM
GLPI < 10.0.4 - Insufficient Session Expiration
Nov 03, 2022
CVSS 4.7
EPSS 0.00
CVE-2022-35914
CRITICAL
KEV NUCLEI
GLPI htmLawed php command injection
Sep 19, 2022
CVSS 9.8
EPSS 0.94
CVE-2022-36112
LOW
GLPI < 10.0.3 - Server-Side Request Forgery via RSS Feed or External Calendar
Sep 14, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-35947
CRITICAL
GLPI < 10.0.3 - SQL Injection via External Token Login Simulation
Sep 14, 2022
CVSS 10.0
EPSS 0.00
CVE-2022-35946
MEDIUM
GLPI < 10.0.3 - Authenticated SQL Injection via Plugin Controller
Sep 14, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-35945
MEDIUM
GLPI < 10.0.3 - Stored Cross-Site Scripting in Registration Key Configuration Page
Sep 14, 2022
CVSS 6.3
EPSS 0.00
CVE-2022-31187
MEDIUM
GLPI < 10.0.3 - Cross-Site Scripting in Global Search
Sep 14, 2022
CVSS 6.8
EPSS 0.00
CVE-2022-31143
MEDIUM
GLPI < 10.0.3 - Exposure of Sensitive Information via Setup Configuration
Sep 14, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-31068
MEDIUM
GLPI 10.0.0-10.0.1 - Unauthenticated Exposure of Sensitive Information via Native Inventory
Jun 28, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-31061
CRITICAL
GLPI 9.3.0-9.5.7 - Unauthenticated SQL Injection via Login Page
Jun 28, 2022
CVSS 9.8
EPSS 0.46
CVE-2022-31056
CRITICAL
GLPI 10.0.0-10.0.2 - SQL Injection via Actor Fields
Jun 28, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-31082
MEDIUM
glpi-inventory-plugin < 1.0.2 - SQL Injection via Package Deployment Tasks
Jun 27, 2022
CVSS 5.8
EPSS 0.00
CVE-2022-31062
MEDIUM
glpi_inventory < 1.0.2 - Local File Inclusion via Public Script
Jun 20, 2022
CVSS 5.3
EPSS 0.11
CVE-2022-29250
HIGH
GLPI < 10.0.1 - Authenticated SQL Injection on Search Pages
Jun 09, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-24876
MEDIUM
GLPI - Stored Cross-Site Scripting via Kanban User Name
Jun 09, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-24869
MEDIUM
GLPI < 10.0.0 - Cross-Site Scripting via Ticket Followups or Login Message Stylesheet Link
Apr 21, 2022
CVSS 4.6
EPSS 0.00
CVE-2022-24868
HIGH
GLPI < 10.0.0 - Stored Cross-Site Scripting via SVG Avatar Upload
Apr 21, 2022
CVSS 7.3
EPSS 0.00
CVE-2022-24867
HIGH
GLPI < 10.0.0 - Unauthenticated LDAP Password Exposure via JavaScript Config
Apr 21, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-21720
MEDIUM
GLPI < 9.5.7 - Authenticated SQL Injection
Jan 28, 2022
CVSS 4.9
EPSS 0.00
CVE-2022-21719
MEDIUM
GLPI < 9.5.7 - Reflected Cross-Site Scripting
Jan 28, 2022
CVSS 6.1
EPSS 0.00
CVE-2021-44617
CRITICAL
GLPI 9.4.6 - SQL Injection via Ramo Plugin idu Parameter
Mar 28, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-43778
CRITICAL
NUCLEI
GLPI Barcode Plugin 2.0-2.6.0 - Path Traversal via front/send.php
Nov 24, 2021
CVSS 9.1
EPSS 0.90
CVE-2021-39213
MEDIUM
GLPI 9.1-9.5.5 - API Bypass via Custom Header Injection
Sep 15, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-39211
MEDIUM
NUCLEI
GLPI 9.2-9.5.5 - Information Disclosure via Telemetry Endpoint
Sep 15, 2021
CVSS 5.3
EPSS 0.39
CVE-2021-39210
MEDIUM
GLPI < 9.5.6 - Unprotected Autologin Cookie Exposure via Remember Me Feature
Sep 15, 2021
CVSS 6.5
EPSS 0.00