Vulnerabilities > Glpi Project > Glpi > 0.21
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-07 | CVE-2020-15175 | Unspecified vulnerability in Glpi-Project Glpi In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. | 9.1 |
| 2020-09-23 | CVE-2020-11031 | Unspecified vulnerability in Glpi-Project Glpi In GLPI before version 9.5.0, the encryption algorithm used is insecure. | 7.5 |
| 2020-07-17 | CVE-2020-15108 | SQL Injection vulnerability in Glpi-Project Glpi In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. | 7.1 |
| 2020-05-12 | CVE-2020-11060 | Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. | 8.8 |
| 2020-05-12 | CVE-2020-5248 | Use of Hard-coded Credentials vulnerability in Glpi-Project Glpi GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. | 5.3 |
| 2020-05-05 | CVE-2020-11036 | Cross-site Scripting vulnerability in Glpi-Project Glpi In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. | 5.4 |
| 2020-05-05 | CVE-2020-11034 | Open Redirect vulnerability in Glpi-Project Glpi In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. | 6.1 |
| 2019-09-25 | CVE-2019-14666 | Information Exposure vulnerability in Glpi-Project Glpi GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. | 8.8 |
| 2019-07-10 | CVE-2019-13240 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Glpi-Project Glpi An issue was discovered in GLPI before 9.4.1. | 5.9 |
| 2019-03-27 | CVE-2019-10233 | Information Exposure Through Discrepancy vulnerability in Glpi-Project Glpi Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | 8.1 |