CVE-2026-26001
- EPSS 0.04%
- Veröffentlicht 17.03.2026 23:18:01
- Zuletzt bearbeitet 23.03.2026 18:14:43
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is ...
CVE-2026-25590
- EPSS 0.03%
- Veröffentlicht 03.03.2026 22:14:01
- Zuletzt bearbeitet 05.03.2026 21:23:06
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6.
CVE-2022-31082
- EPSS 0.28%
- Veröffentlicht 27.06.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:51
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injecti...
CVE-2022-31062
- EPSS 22.7%
- Veröffentlicht 20.06.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 07:03:48
### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.