Glpi-project

Glpi

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.26%
  • Veröffentlicht 30.07.2025 14:15:28
  • Zuletzt bearbeitet 04.08.2025 18:56:11

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use...

  • EPSS 0.19%
  • Veröffentlicht 30.07.2025 14:15:22
  • Zuletzt bearbeitet 04.08.2025 18:56:49

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some spec...

  • EPSS 0.26%
  • Veröffentlicht 30.07.2025 14:14:25
  • Zuletzt bearbeitet 04.08.2025 18:56:30

GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.

  • EPSS 0.19%
  • Veröffentlicht 29.07.2025 17:39:28
  • Zuletzt bearbeitet 04.08.2025 18:54:02

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the pr...

  • EPSS 17.47%
  • Veröffentlicht 18.03.2025 18:32:06
  • Zuletzt bearbeitet 01.08.2025 00:57:21

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.

  • EPSS 86.18%
  • Veröffentlicht 18.03.2025 18:27:54
  • Zuletzt bearbeitet 31.07.2025 18:45:03

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

  • EPSS 0.41%
  • Veröffentlicht 18.03.2025 18:25:13
  • Zuletzt bearbeitet 31.07.2025 18:48:57

GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.

  • EPSS 0.42%
  • Veröffentlicht 25.02.2025 18:15:27
  • Zuletzt bearbeitet 28.02.2025 13:35:22

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect...

  • EPSS 0.6%
  • Veröffentlicht 25.02.2025 18:15:27
  • Zuletzt bearbeitet 23.04.2025 18:46:00

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php...

  • EPSS 0.26%
  • Veröffentlicht 25.02.2025 16:15:38
  • Zuletzt bearbeitet 04.03.2025 13:49:18

GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/updat...