glpi-project
218 tracked vulnerabilities.
CVE-2020-15177
HIGH
GLPI < 9.5.2 - Unauthenticated Stored Cross-Site Scripting and Insecure Redirection via url_base Parameter
Oct 07, 2020
CVSS 8.0
EPSS 0.01
CVE-2020-15176
HIGH
GLPI < 9.5.2 - SQL Injection via Backtick Input
Oct 07, 2020
CVSS 8.7
EPSS 0.01
CVE-2020-15175
HIGH
GLPI < 9.5.2 - Unauthenticated Arbitrary File Deletion and Information Disclosure via pluginimage.send.php
Oct 07, 2020
CVSS 7.4
EPSS 0.71
CVE-2020-11031
HIGH
GLPI < 9.5.0 - Use of a Broken or Risky Cryptographic Algorithm
Sep 23, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-15108
HIGH
glpi < 9.5.1 - SQL Injection via Clone Feature
Jul 17, 2020
CVSS 7.1
EPSS 0.01
CVE-2020-11062
MEDIUM
GLPI 0.68.1-9.4.6 - Reflected Cross-Site Scripting via Dropdown Endpoints
May 12, 2020
CVSS 6.0
EPSS 0.01
CVE-2020-11060
HIGH
GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality
May 12, 2020
CVSS 7.4
EPSS 0.11
CVE-2020-5248
HIGH
GLPI < 9.4.6 - Use of Hard-coded Credentials via Default GLPIKEY
May 12, 2020
CVSS 7.2
EPSS 0.01
CVE-2020-11036
HIGH
GLPI < 9.4.6 - Stored Cross-Site Scripting via Knowledge Base Comments and User Surname
May 05, 2020
CVSS 7.6
EPSS 0.01
CVE-2020-11035
HIGH
GLPI 0.83.3-9.4.6 - Use of a Broken or Risky Cryptographic Algorithm in CSRF Token Generation
May 05, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-11034
MEDIUM
NUCLEI
GLPI < 9.4.6 - Open Redirect via Regex Protection Bypass
May 05, 2020
CVSS 6.1
EPSS 0.08
CVE-2020-11033
MEDIUM
GLPI 9.1-9.4.5 - Authenticated Exposure of Sensitive Information via API User Endpoint
May 05, 2020
CVSS 6.6
EPSS 0.01
CVE-2020-11032
HIGH
GLPI < 9.4.6 - Authenticated SQL Injection
May 05, 2020
CVSS 7.6
EPSS 0.01
CVE-2019-14666
HIGH
GLPI < 9.4.3 - Authenticated Account Takeover via Autocompletion Token Exposure
Sep 25, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-1010307
MEDIUM
GLPI 9.3.1 - Stored Cross-Site Scripting via Link Tickets Feature
Jul 15, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-1010310
LOW
GLPI GLPI Product <9.3.1 - Command Injection
Jul 12, 2019
CVSS 3.5
EPSS 0.01
CVE-2019-13240
MEDIUM
GLPI < 9.4.1 - Weak Password Recovery Mechanism for Forgotten Password
Jul 10, 2019
CVSS 5.9
EPSS 0.02
CVE-2019-13239
MEDIUM
GLPI 9.1-9.4.2 - Stored Cross-Site Scripting via User Picture
Jul 04, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-10233
HIGH
GLPI < 9.4.1.1 - Timing Attack via Cookie
Mar 27, 2019
CVSS 8.1
EPSS 0.01
CVE-2018-13049
HIGH
GLPI 9.2.0-9.3.0 - SQL Injection via LIMIT Clause in Computer Search
Jul 02, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-7563
MEDIUM
GLPI < 9.2.1 - Authenticated Stored Cross-Site Scripting via Query String to front/preference.php
Mar 12, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-7562
HIGH
GLPI < 9.2.1 - Authenticated Remote Code Execution via Race Condition in File Upload
Mar 12, 2018
CVSS 7.5
EPSS 0.02
CVE-2017-11184
CRITICAL
GLPI < 9.1.4 - SQL Injection via start Parameter
Jul 28, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-11183
MEDIUM
GLPI < 9.1.4 - Authenticated Arbitrary File Deletion via Backup File Parameter
Jul 28, 2017
CVSS 4.9
EPSS 0.01
CVE-2017-11475
HIGH
GLPI < 9.1.5.0 - SQL Injection via Condition Rule Field
Jul 20, 2017
CVSS 8.8
EPSS 0.01