VYPR
Vendor

Pluginsglpi

Products
4
CVEs
8
Across products
8
Status
Private

Products

4

Recent CVEs

8
  • CVE-2024-45600HigDec 26, 2024
    risk 0.43cvss 7.7epss 0.00

    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.

  • CVE-2025-65035MedDec 19, 2025
    risk 0.42cvss 6.4epss 0.00

    pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability…

  • CVE-2025-27153MedJul 1, 2025
    risk 0.35cvss 6.5epss 0.00

    Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.

  • CVE-2025-53360MedNov 18, 2025
    risk 0.21cvss 4.3epss 0.00

    pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version…

  • CVE-2026-23489Mar 16, 2026
    risk 0.00cvss epss 0.00

    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.

  • CVE-2023-28855Apr 5, 2023
    risk 0.00cvss epss 0.01

    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access.…

  • CVE-2021-39190Sep 22, 2022
    risk 0.00cvss epss 0.00

    The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.

  • CVE-2019-12723Jul 10, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.