GLPI
by Teclib
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10232 | Cri | 0.02 | 9.8 | 0.23 | Mar 27, 2019 | Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | ||
| CVE-2019-10233 | Hig | 0.00 | 8.1 | 0.01 | Mar 27, 2019 | Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | ||
| CVE-2019-10231 | Cri | 0.00 | 9.8 | 0.02 | Mar 27, 2019 | Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). |
- risk 0.02cvss 9.8epss 0.23
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
- risk 0.00cvss 8.1epss 0.01
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
- risk 0.00cvss 9.8epss 0.02
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).