glpi-project

210 tracked vulnerabilities.

CVE-2020-11036 HIGH
GLPI < 9.4.6 - Stored Cross-Site Scripting via Knowledge Base Comments and User Surname
May 05, 2020
CVSS 7.6
EPSS 0.01
CVE-2020-11035 HIGH
GLPI 0.83.3-9.4.6 - Use of a Broken or Risky Cryptographic Algorithm in CSRF Token Generation
May 05, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-11034 MEDIUM NUCLEI
GLPI < 9.4.6 - Open Redirect via Regex Protection Bypass
May 05, 2020
CVSS 6.1
EPSS 0.59
CVE-2020-11033 MEDIUM
GLPI 9.1-9.4.5 - Authenticated Exposure of Sensitive Information via API User Endpoint
May 05, 2020
CVSS 6.6
EPSS 0.00
CVE-2020-11032 HIGH
GLPI < 9.4.6 - Authenticated SQL Injection
May 05, 2020
CVSS 7.6
EPSS 0.00
CVE-2019-14666 HIGH
GLPI < 9.4.3 - Authenticated Account Takeover via Autocompletion Token Exposure
Sep 25, 2019
CVSS 8.8
EPSS 0.03
CVE-2019-1010307 MEDIUM
GLPI 9.3.1 - Stored Cross-Site Scripting via Link Tickets Feature
Jul 15, 2019
CVSS 5.4
EPSS 0.00
CVE-2019-1010310 LOW
GLPI < 9.3.1 - Command Injection
Jul 12, 2019
CVSS 3.5
EPSS 0.00
CVE-2019-13240 MEDIUM
GLPI < 9.4.1 - Weak Password Recovery Mechanism for Forgotten Password
Jul 10, 2019
CVSS 5.9
EPSS 0.01
CVE-2019-13239 MEDIUM
GLPI 9.1-9.4.2 - Stored Cross-Site Scripting via User Picture
Jul 04, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-10233 HIGH
GLPI < 9.4.1.1 - Timing Attack via Cookie
Mar 27, 2019
CVSS 8.1
EPSS 0.00
CVE-2018-13049 HIGH
GLPI 9.2.0-9.3.0 - SQL Injection via LIMIT Clause in Computer Search
Jul 02, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-7563 MEDIUM
GLPI < 9.2.1 - Authenticated Stored Cross-Site Scripting via Query String to front/preference.php
Mar 12, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-7562 HIGH
GLPI < 9.2.1 - Authenticated Remote Code Execution via Race Condition in File Upload
Mar 12, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-11184 CRITICAL
GLPI < 9.1.4 - SQL Injection via start Parameter
Jul 28, 2017
CVSS 9.8
EPSS 0.00
CVE-2017-11183 MEDIUM
GLPI < 9.1.4 - Authenticated Arbitrary File Deletion via Backup File Parameter
Jul 28, 2017
CVSS 4.9
EPSS 0.00
CVE-2017-11475 HIGH
GLPI < 9.1.5.0 - SQL Injection via Condition Rule Field
Jul 20, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-11474 CRITICAL
GLPI < 9.1.5.0 - SQL Injection via $crit Variable in Computer Software Version Class
Jul 20, 2017
CVSS 9.8
EPSS 0.00
CVE-2017-11329 CRITICAL
GLPI < 9.1.4 - SQL Injection via Entity Restrict Parameter
Jul 17, 2017
CVSS 9.8
EPSS 0.00
CVE-2016-7509 MEDIUM
GLPI 0.90.4 - Authenticated Stored Cross-Site Scripting via Ticket HTML Attachment
Jul 19, 2017
CVSS 5.4
EPSS 0.00
CVE-2016-7507 HIGH
GLPI 0.90.4 - Authenticated Cross-Site Request Forgery
Jul 19, 2017
CVSS 8.0
EPSS 0.00
CVE-2016-7508 HIGH
GLPI 0.90.4 - Authenticated SQL Injection via Big5 Encoding Character
Jun 21, 2017
CVSS 7.5
EPSS 0.00
CVE-2015-7685
GLPI < 0.85.3 - Privilege Escalation
Oct 05, 2015
EPSS 0.00
CVE-2015-7684
GLPI < 0.85.3 - Authenticated Remote Code Execution via Executable File Upload
Oct 05, 2015
EPSS 0.02
CVE-2014-8360
GLPI < 0.84.8 - Remote Code Execution via Dot Dot Underscore Path Traversal in Autoload Function
Apr 14, 2015
EPSS 0.01