Glpi-project

Glpi

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.58%
  • Veröffentlicht 05.07.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:09:01

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to intera...

  • EPSS 0.66%
  • Veröffentlicht 05.07.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:09:01

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch f...

  • EPSS 0.57%
  • Veröffentlicht 05.07.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:06:33

GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. ...

  • EPSS 0.51%
  • Veröffentlicht 05.07.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:06:51

GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the craft...

  • EPSS 52.38%
  • Veröffentlicht 05.07.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:08:59

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Vers...

  • EPSS 0.57%
  • Veröffentlicht 05.07.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 08:06:33

GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users an...

  • EPSS 0.58%
  • Veröffentlicht 05.04.2023 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:55:42

GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7.

  • EPSS 0.61%
  • Veröffentlicht 05.04.2023 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:55:43

GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticate...

  • EPSS 0.77%
  • Veröffentlicht 05.04.2023 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:56:07

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in...

  • EPSS 0.49%
  • Veröffentlicht 05.04.2023 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:56:09

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to pe...