Glpi-project

Glpi

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.7%
  • Veröffentlicht 15.09.2021 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:18:54

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/te...

  • EPSS 1.05%
  • Veröffentlicht 15.09.2021 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:18:55

GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable AP...

  • EPSS 0.54%
  • Veröffentlicht 15.09.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:54

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on...

Exploit
  • EPSS 1.39%
  • Veröffentlicht 26.05.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:39

GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.

  • EPSS 1.38%
  • Veröffentlicht 08.03.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:48:01

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interf...

Exploit
  • EPSS 2.25%
  • Veröffentlicht 08.03.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:48:01

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existi...

Exploit
  • EPSS 1.42%
  • Veröffentlicht 08.03.2021 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:48:01

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This v...

  • EPSS 0.63%
  • Veröffentlicht 08.03.2021 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:48:01

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filt...

  • EPSS 0.59%
  • Veröffentlicht 03.03.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:47:59

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Manage...

  • EPSS 0.92%
  • Veröffentlicht 03.03.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:48:00

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at ...