Medium
CVSS: 6.5
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected us…
Medium
CVSS: 6.5
GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.
Low
CVSS: 3.5
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject…
Medium
CVSS: 4.5
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS…
High
CVSS: 8.5
GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.
High
CVSS: 7.5
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
High
CVSS: 8.2
GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.
Medium
CVSS: 6.5
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/…
Medium
CVSS: 6.3
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone c…
Medium
CVSS: 6.9
GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `ins…
Medium
CVSS: 6.5
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be per…
Medium
CVSS: 5.8
GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue.…
Medium
CVSS: 5.3
A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The a…