Glpi-project

Glpi

176 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-21327

Exploit
  • EPSS 0.3%
  • Published 08.03.2021 17:15:13
  • Last modified 21.11.2024 05:48:01

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existi...

6.5

CVE-2021-21324

Exploit
  • EPSS 0.31%
  • Published 08.03.2021 17:15:12
  • Last modified 21.11.2024 05:48:01

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This v...

4.8

CVE-2021-21325

  • EPSS 0.51%
  • Published 08.03.2021 17:15:12
  • Last modified 21.11.2024 05:48:01

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filt...

4.8

CVE-2021-21312

  • EPSS 0.32%
  • Published 03.03.2021 20:15:12
  • Last modified 21.11.2024 05:47:59

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Manage...

6.1

CVE-2021-21313

  • EPSS 0.39%
  • Published 03.03.2021 20:15:12
  • Last modified 21.11.2024 05:48:00

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at ...

4.8

CVE-2021-21314

  • EPSS 0.32%
  • Published 03.03.2021 20:15:12
  • Last modified 21.11.2024 05:48:00

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a t...

5.7

CVE-2021-21255

  • EPSS 0.27%
  • Published 02.03.2021 20:15:14
  • Last modified 21.11.2024 05:47:52

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixe...

5.4

CVE-2021-21258

  • EPSS 0.28%
  • Published 02.03.2021 20:15:14
  • Last modified 21.11.2024 05:47:52

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerab...

4.3

CVE-2020-27662

  • EPSS 0.23%
  • Published 26.11.2020 17:15:11
  • Last modified 21.11.2024 05:21:37

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).

4.3

CVE-2020-27663

  • EPSS 0.23%
  • Published 26.11.2020 17:15:11
  • Last modified 21.11.2024 05:21:37

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).