Vulnerabilities > Glpi Project > Glpi > 0.84.2

DATE CVE VULNERABILITY TITLE RISK
2015-04-14 CVE-2014-5032 Permissions, Privileges, and Access Controls vulnerability in Glpi-Project Glpi
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
network
low complexity
glpi-project CWE-264
5.0
5.0
2014-12-19 CVE-2014-9258 SQL Injection vulnerability in Glpi-Project Glpi
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
network
low complexity
glpi-project CWE-89
6.5
6.5