Vendor
Teclib
Products
2
CVEs
4
Across products
4
Status
Private
Products
2- 3 CVEs
- 1 CVE
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10232 | Cri | 0.02 | 9.8 | 0.23 | Mar 27, 2019 | Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | ||
| CVE-2019-12723 | Cri | 0.00 | 9.8 | 0.02 | Jul 10, 2019 | An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user. | ||
| CVE-2019-10233 | Hig | 0.00 | 8.1 | 0.01 | Mar 27, 2019 | Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | ||
| CVE-2019-10231 | Cri | 0.00 | 9.8 | 0.02 | Mar 27, 2019 | Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). |
- risk 0.02cvss 9.8epss 0.23
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
- risk 0.00cvss 9.8epss 0.02
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
- risk 0.00cvss 8.1epss 0.01
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
- risk 0.00cvss 9.8epss 0.02
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).