CVE-2026-22821

Medium CVSS: 4.9

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.

Vendor

Product

CWE

Yayın Tarihi

2026-02-12 19:15:51

Güncelleme

2026-02-20 18:20:33

Source Identifier

security-advisories@github.com

KEV Date Added

CWE-89 More Reporting MEDIUM Glpi-project 2026

https://github.com/pluginsGLPI/mreporting/commit/6f4a3caf9c1f7bbed1d910795d6e918d039f1f72 https://github.com/pluginsGLPI/mreporting/security/advisories/GHSA-24q7-h59q-33w8

High

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-25590

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can…

Medium

CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can…

Medium

CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.…

High

CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQ…