Glpi-project

Glpi

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.59%
  • Veröffentlicht 03.03.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:48:00

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a t...

  • EPSS 0.85%
  • Veröffentlicht 02.03.2021 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:47:52

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixe...

  • EPSS 0.65%
  • Veröffentlicht 02.03.2021 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:47:52

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerab...

  • EPSS 0.69%
  • Veröffentlicht 26.11.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:21:37

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).

  • EPSS 0.86%
  • Veröffentlicht 26.11.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:21:37

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).

Exploit
  • EPSS 1.16%
  • Veröffentlicht 25.11.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:19:32

GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user...

Exploit
  • EPSS 1.04%
  • Veröffentlicht 07.10.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:05:08

In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current databas...

  • EPSS 71.35%
  • Veröffentlicht 07.10.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:05:00

In GLPI before version 9.5.2, the `​pluginimage.send.php​` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read...

  • EPSS 1.14%
  • Veröffentlicht 07.10.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:05:00

In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitiv...

  • EPSS 0.77%
  • Veröffentlicht 07.10.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:05:00

In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site S...