Vendor CVEs
Glpi Project
All CVEs
219 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11033 | 0.00 | — | 0.01 | May 5, 2020 | In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or read/update/delete… | |||
| CVE-2020-11032 | 0.00 | — | 0.01 | May 5, 2020 | In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6. | |||
| CVE-2019-14666 | 0.00 | — | 0.02 | Sep 25, 2019 | GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary… | |||
| CVE-2019-1010307 | 0.00 | — | 0.01 | Jul 15, 2019 | GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a… | |||
| CVE-2019-1010310 | 0.00 | — | 0.01 | Jul 12, 2019 | GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder >… | |||
| CVE-2019-13240 | 0.00 | — | 0.02 | Jul 10, 2019 | An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address. | |||
| CVE-2019-13239 | 0.00 | — | 0.01 | Jul 4, 2019 | inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. | |||
| CVE-2019-10233 | 0.00 | — | 0.01 | Mar 27, 2019 | Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | |||
| CVE-2019-10231 | 0.00 | — | 0.02 | Mar 27, 2019 | Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). | |||
| CVE-2018-7563 | Med | 0.00 | 6.1 | 0.01 | Mar 12, 2018 | An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by… | ||
| CVE-2018-7562 | Hig | 0.00 | 7.5 | 0.02 | Mar 12, 2018 | A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via… | ||
| CVE-2015-7685 | 0.00 | — | 0.02 | Oct 5, 2015 | GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | |||
| CVE-2015-7684 | 0.00 | — | 0.04 | Oct 5, 2015 | Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/. | |||
| CVE-2014-8360 | 0.00 | — | 0.03 | Apr 14, 2015 | Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in… | |||
| CVE-2014-5032 | 0.00 | — | 0.02 | Apr 14, 2015 | GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | |||
| CVE-2012-4003 | 0.00 | — | 0.02 | Oct 9, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2012-4002 | 0.00 | — | 0.01 | Oct 9, 2012 | Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2012-1037 | 0.00 | — | 0.01 | Jul 12, 2012 | PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter. | |||
| CVE-2011-2720 | 0.00 | — | 0.03 | Aug 5, 2011 | The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. |
- CVE-2020-11033May 5, 2020risk 0.00cvss —epss 0.01
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or read/update/delete…
- CVE-2020-11032May 5, 2020risk 0.00cvss —epss 0.01
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.
- CVE-2019-14666Sep 25, 2019risk 0.00cvss —epss 0.02
GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary…
- CVE-2019-1010307Jul 15, 2019risk 0.00cvss —epss 0.01
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a…
- CVE-2019-1010310Jul 12, 2019risk 0.00cvss —epss 0.01
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder >…
- CVE-2019-13240Jul 10, 2019risk 0.00cvss —epss 0.02
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
- CVE-2019-13239Jul 4, 2019risk 0.00cvss —epss 0.01
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
- CVE-2019-10233Mar 27, 2019risk 0.00cvss —epss 0.01
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
- CVE-2019-10231Mar 27, 2019risk 0.00cvss —epss 0.02
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
- risk 0.00cvss 6.1epss 0.01
An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by…
- risk 0.00cvss 7.5epss 0.02
A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via…
- CVE-2015-7685Oct 5, 2015risk 0.00cvss —epss 0.02
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.
- CVE-2015-7684Oct 5, 2015risk 0.00cvss —epss 0.04
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/.
- CVE-2014-8360Apr 14, 2015risk 0.00cvss —epss 0.03
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in…
- CVE-2014-5032Apr 14, 2015risk 0.00cvss —epss 0.02
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
- CVE-2012-4003Oct 9, 2012risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2012-4002Oct 9, 2012risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2012-1037Jul 12, 2012risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.
- CVE-2011-2720Aug 5, 2011risk 0.00cvss —epss 0.03
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
Page 5 of 5