Glpi
by Glpi Project
CVEs (169)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11032 | | 0.00 | — | 0.00 | | May 5, 2020 | In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6. |
| CVE-2015-7685 | | 0.00 | — | 0.00 | | Oct 5, 2015 | GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. |
| CVE-2015-7684 | | 0.00 | — | 0.02 | | Oct 5, 2015 | Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/. |
| CVE-2014-8360 | | 0.00 | — | 0.01 | | Apr 14, 2015 | Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php. |
| CVE-2014-5032 | | 0.00 | — | 0.00 | | Apr 14, 2015 | GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. |
| CVE-2012-4003 | | 0.00 | — | 0.00 | | Oct 9, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2012-4002 | | 0.00 | — | 0.00 | | Oct 9, 2012 | Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2012-1037 | | 0.00 | — | 0.01 | | Jul 12, 2012 | PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter. |
| CVE-2011-2720 | | 0.00 | — | 0.01 | | Aug 5, 2011 | The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. |
Page 9 of 9