Glpi-project

Glpi

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 8.74%
  • Veröffentlicht 06.04.2026 14:36:57
  • Zuletzt bearbeitet 07.04.2026 16:02:38

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6.

  • EPSS 0.19%
  • Veröffentlicht 06.04.2026 14:35:53
  • Zuletzt bearbeitet 07.04.2026 16:02:54

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.

  • EPSS 0.37%
  • Veröffentlicht 06.04.2026 14:33:05
  • Zuletzt bearbeitet 07.04.2026 16:03:34

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.

  • EPSS 0.28%
  • Veröffentlicht 06.04.2026 14:31:02
  • Zuletzt bearbeitet 07.04.2026 16:04:32

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24.

  • EPSS 0.29%
  • Veröffentlicht 17.03.2026 23:16:38
  • Zuletzt bearbeitet 23.03.2026 18:16:40

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.

  • EPSS 0.34%
  • Veröffentlicht 17.03.2026 19:41:32
  • Zuletzt bearbeitet 19.03.2026 19:30:14

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.

  • EPSS 0.32%
  • Veröffentlicht 11.03.2026 15:27:04
  • Zuletzt bearbeitet 20.03.2026 14:29:50

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger ...

  • EPSS 0.26%
  • Veröffentlicht 04.02.2026 17:15:39
  • Zuletzt bearbeitet 06.02.2026 21:19:53

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23.

  • EPSS 0.37%
  • Veröffentlicht 04.02.2026 17:15:33
  • Zuletzt bearbeitet 06.02.2026 21:18:17

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user...

  • EPSS 0.32%
  • Veröffentlicht 04.02.2026 17:10:30
  • Zuletzt bearbeitet 06.02.2026 21:19:00

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.