Glpi-project

Glpi

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.31%
  • Veröffentlicht 28.06.2026 11:00:05
  • Zuletzt bearbeitet 30.06.2026 19:16:27

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads...

  • EPSS 0.34%
  • Veröffentlicht 03.06.2026 15:25:17
  • Zuletzt bearbeitet 04.06.2026 15:41:35

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch.

  • EPSS 0.24%
  • Veröffentlicht 03.06.2026 15:23:46
  • Zuletzt bearbeitet 04.06.2026 15:41:35

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch.

  • EPSS 0.29%
  • Veröffentlicht 03.06.2026 15:17:16
  • Zuletzt bearbeitet 04.06.2026 15:41:35

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. A...

  • EPSS 0.35%
  • Veröffentlicht 03.06.2026 15:16:02
  • Zuletzt bearbeitet 04.06.2026 15:41:35

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0...

  • EPSS 0.25%
  • Veröffentlicht 03.06.2026 14:06:12
  • Zuletzt bearbeitet 04.06.2026 15:41:35

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a ...

  • EPSS 0.27%
  • Veröffentlicht 02.06.2026 23:16:37
  • Zuletzt bearbeitet 04.06.2026 15:41:35

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7.

  • EPSS 0.42%
  • Veröffentlicht 02.06.2026 18:32:01
  • Zuletzt bearbeitet 04.06.2026 15:23:52

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7.

  • EPSS 0.22%
  • Veröffentlicht 19.05.2026 00:16:37
  • Zuletzt bearbeitet 21.05.2026 23:57:48

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7.

  • EPSS 0.39%
  • Veröffentlicht 06.04.2026 14:39:15
  • Zuletzt bearbeitet 07.04.2026 16:02:15

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6.