Glpi-project

Glpi

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.02%
  • Veröffentlicht 05.05.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:37

In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.

Exploit
  • EPSS 12.98%
  • Veröffentlicht 01.11.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 01:51:17

GLPI 0.83.7 has Local File Inclusion in common.tabs.php.

Exploit
  • EPSS 2.23%
  • Veröffentlicht 25.09.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:27:06

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated att...

Exploit
  • EPSS 0.76%
  • Veröffentlicht 15.07.2019 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:09

GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vect...

  • EPSS 0.72%
  • Veröffentlicht 12.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:09

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is:...

Exploit
  • EPSS 1.75%
  • Veröffentlicht 10.07.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:24:31

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.

Exploit
  • EPSS 1.33%
  • Veröffentlicht 04.07.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:24:31

inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.

  • EPSS 1.39%
  • Veröffentlicht 27.03.2019 17:29:02
  • Zuletzt bearbeitet 21.11.2024 04:18:42

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.

  • EPSS 1.22%
  • Veröffentlicht 02.07.2018 11:29:00
  • Zuletzt bearbeitet 21.11.2024 03:46:18

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.

  • EPSS 1.72%
  • Veröffentlicht 12.03.2018 21:29:01
  • Zuletzt bearbeitet 21.11.2024 04:12:22

A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/s...