Glpi-project

Glpi

179 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.07%
  • Published 30.07.2025 14:14:25
  • Last modified 04.08.2025 18:56:30

GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.

  • EPSS 0.05%
  • Published 29.07.2025 17:39:28
  • Last modified 04.08.2025 18:54:02

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the pr...

  • EPSS 0.1%
  • Published 18.03.2025 18:32:06
  • Last modified 01.08.2025 00:57:21

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.

  • EPSS 63.76%
  • Published 18.03.2025 18:27:54
  • Last modified 31.07.2025 18:45:03

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

  • EPSS 0.2%
  • Published 18.03.2025 18:25:13
  • Last modified 31.07.2025 18:48:57

GLPI is a free asset and IT management software package. An administrator user can perform a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.

  • EPSS 0.07%
  • Published 25.02.2025 18:15:27
  • Last modified 28.02.2025 13:35:22

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect...

  • EPSS 0.16%
  • Published 25.02.2025 18:15:27
  • Last modified 23.04.2025 18:46:00

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php...

  • EPSS 0.09%
  • Published 25.02.2025 16:15:38
  • Last modified 04.03.2025 13:49:18

GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/updat...

Exploit
  • EPSS 0.13%
  • Published 25.02.2025 16:15:37
  • Last modified 04.03.2025 13:49:18

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can ...

  • EPSS 0.16%
  • Published 25.02.2025 16:15:37
  • Last modified 04.03.2025 13:49:18

GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some worka...