glpi-project
218 tracked vulnerabilities.
CVE-2022-24867
HIGH
GLPI < 10.0.0 - Unauthenticated LDAP Password Exposure via JavaScript Config
Apr 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21720
MEDIUM
GLPI < 9.5.7 - Authenticated SQL Injection
Jan 28, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-21719
MEDIUM
GLPI < 9.5.7 - Reflected Cross-Site Scripting
Jan 28, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-44617
CRITICAL
GLPI 9.4.6 - SQL Injection via Ramo Plugin idu Parameter
Mar 28, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-43778
CRITICAL
NUCLEI
GLPI Barcode Plugin 2.0-2.6.0 - Path Traversal via front/send.php
Nov 24, 2021
CVSS 9.1
EPSS 0.53
CVE-2021-39213
MEDIUM
GLPI 9.1-9.5.5 - API Bypass via Custom Header Injection
Sep 15, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-39211
MEDIUM
NUCLEI
GLPI 9.2-9.5.5 - Information Disclosure via Telemetry Endpoint
Sep 15, 2021
CVSS 5.3
EPSS 0.05
CVE-2021-39210
MEDIUM
GLPI < 9.5.6 - Unprotected Autologin Cookie Exposure via Remember Me Feature
Sep 15, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39209
HIGH
GLPI < 9.5.6 - Cross-Site Request Forgery Protection Bypass
Sep 15, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-3486
MEDIUM
GLPi 9.5.4 - Stored Cross-Site Scripting via Metadata Injection
May 26, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-30144
MEDIUM
GLPI Dashboard <1.0.2 - Auth Bypass
Apr 06, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-21327
MEDIUM
GLPI < 9.5.4 - Unauthenticated Unsafe Reflection via Class Instantiation
Mar 08, 2021
CVSS 6.8
EPSS 0.02
CVE-2021-21326
HIGH
GLPI < 9.5.4 - Unauthenticated Ticket Creation via Self-Service Interface
Mar 08, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-21325
MEDIUM
GLPI < 9.5.4 - Authenticated Stored Cross-Site Scripting via Budget Type Input
Mar 08, 2021
CVSS 6.2
EPSS 0.01
CVE-2021-21324
MEDIUM
GLPI < 9.5.4 - Authenticated Insecure Direct Object Reference via Knowbase Search Form
Mar 08, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-21314
MEDIUM
GLPI < 9.5.4 - Authenticated Stored Cross-Site Scripting in Ticket Update
Mar 03, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21313
MEDIUM
GLPI < 9.5.4 - Cross-Site Scripting via _target Parameter in common.tabs.php
Mar 03, 2021
CVSS 4.9
EPSS 0.01
CVE-2021-21312
MEDIUM
GLPI < 9.5.4 - Stored Cross-Site Scripting via Document Web Link Field
Mar 03, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21258
MEDIUM
GLPI 9.5.0-9.5.4 - Cross-Site Scripting via ajax/kanban.php
Mar 02, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-21255
MEDIUM
GLPI 9.5.3 - Missing Authorization via Entity Switch IDOR
Mar 02, 2021
CVSS 5.8
EPSS 0.01
CVE-2020-27663
MEDIUM
GLPI < 9.5.3 - Insecure Direct Object Reference via ajax/getDropdownValue.php
Nov 26, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-27662
MEDIUM
GLPI < 9.5.3 - Insecure Direct Object Reference via ajax/comments.php
Nov 26, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-26212
HIGH
GLPI < 9.5.3 - Authenticated Unauthorized Planning Access via CalDAV
Nov 25, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-15226
MEDIUM
GLPI < 9.5.2 - Authenticated SQL Injection via API Search Function
Oct 07, 2020
CVSS 5.0
EPSS 0.01
CVE-2020-15217
MEDIUM
GLPI 9.5.0-9.5.2 - Unauthenticated User Information Leakage via Public FAQ
Oct 07, 2020
CVSS 5.3
EPSS 0.01