- EPSS 4.14%
- Veröffentlicht 05.10.2015 14:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tm...
CVE-2014-8360
- EPSS 2.85%
- Veröffentlicht 14.04.2015 18:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the...
- EPSS 2.12%
- Veröffentlicht 14.04.2015 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
CVE-2014-9258
- EPSS 3.17%
- Veröffentlicht 19.12.2014 15:59:17
- Zuletzt bearbeitet 06.05.2026 22:30:45
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
CVE-2013-2225
- EPSS 7.56%
- Veröffentlicht 27.05.2014 14:55:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
CVE-2013-2226
- EPSS 2.77%
- Veröffentlicht 14.05.2014 19:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3)...
CVE-2013-5696
- EPSS 7.86%
- Veröffentlicht 23.09.2013 03:49:27
- Zuletzt bearbeitet 29.04.2026 01:13:23
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injecti...
CVE-2012-4002
- EPSS 1%
- Veröffentlicht 09.10.2012 23:55:04
- Zuletzt bearbeitet 16.06.2026 23:44:15
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-4003
- EPSS 1.82%
- Veröffentlicht 09.10.2012 23:55:04
- Zuletzt bearbeitet 16.06.2026 23:44:15
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2012-1037
- EPSS 1.31%
- Veröffentlicht 12.07.2012 20:55:10
- Zuletzt bearbeitet 16.06.2026 23:38:52
PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.