Glpi

by Glpi Project

CVEs (201)

  • CVE-2014-9258 - Dec 19, 2014
    risk 0.03 | cvss | epss 0.03

    SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.

  • CVE-2013-2226 - May 14, 2014
    risk 0.03 | cvss | epss 0.03

    Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to…

  • CVE-2024-50339 - Dec 11, 2024
    risk 0.02 | cvss | epss 0.20

    GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue.

  • CVE-2024-27937 - Mar 18, 2024
    risk 0.02 | cvss | epss 0.27

    GLPI is a free asset and IT management software package that provides data center management, ITIL Service Desk, license tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.

  • CVE-2023-43813 - Dec 13, 2023
    risk 0.02 | cvss | epss 0.31

    GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue.

  • CVE-2019-10232 - Mar 27, 2019
    risk 0.02 | cvss | epss 0.23

    Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.

  • CVE-2024-37149 - Jul 10, 2024
    risk 0.01 | cvss | epss 0.21

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script.…

  • CVE-2024-37147 - Jul 10, 2024
    risk 0.01 | cvss | epss 0.01

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.

  • CVE-2023-41320 - Sep 26, 2023
    risk 0.01 | cvss | epss 0.32

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This…

  • CVE-2023-36808 - Jul 5, 2023
    risk 0.01 | cvss | epss 0.45

    GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one…

  • CVE-2023-35924 - Jul 5, 2023
    risk 0.01 | cvss | epss 0.49

    GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for…

  • CVE-2026-25937 - Mar 17, 2026
    risk 0.00 | cvss | epss 0.00

    GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.

  • CVE-2026-25936 - Mar 17, 2026
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue.

  • CVE-2026-22248 - Mar 11, 2026
    risk 0.00 | cvss | epss 0.00

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an…

  • CVE-2026-22044 - Feb 4, 2026
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23.

  • CVE-2026-23624 - Feb 4, 2026
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This…

  • CVE-2026-22247 - Feb 4, 2026
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform an SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.

  • CVE-2025-66417 - Jan 15, 2026
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.

  • CVE-2025-64516 - Jan 15, 2026
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This…

  • CVE-2023-53943 - Dec 18, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response…
