VYPR
Vendor

Teclib

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2019-10232CriMar 27, 2019
    risk 0.02cvss 9.8epss 0.23

    Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.

  • CVE-2019-12723CriJul 10, 2019
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.

  • CVE-2019-10233HigMar 27, 2019
    risk 0.00cvss 8.1epss 0.01

    Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.

  • CVE-2019-10231CriMar 27, 2019
    risk 0.00cvss 9.8epss 0.02

    Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).