Vulnerabilities > Glpi Project > Glpi > 9.1.0

DATE CVE VULNERABILITY TITLE RISK
2020-10-07 CVE-2020-15175 Files or Directories Accessible to External Parties vulnerability in Glpi-Project Glpi
In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin.
network
low complexity
glpi-project CWE-552
critical
 9.1
9.1
2020-09-23 CVE-2020-11031 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Glpi-Project Glpi
In GLPI before version 9.5.0, the encryption algorithm used is insecure.
network
low complexity
glpi-project CWE-327
5.0
5.0
2020-07-17 CVE-2020-15108 SQL Injection vulnerability in Glpi-Project Glpi
In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature.
network
low complexity
glpi-project CWE-89
4.0
4.0
2020-05-12 CVE-2020-11062 Cross-site Scripting vulnerability in Glpi-Project Glpi
In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. 		3.5
3.5
2020-05-12 CVE-2020-11060 Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.
network
low complexity
glpi-project CWE-352
critical
 9.0
9.0
2020-05-12 CVE-2020-5248 Use of Hard-coded Credentials vulnerability in Glpi-Project Glpi
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key.
network
low complexity
glpi-project CWE-798
5.0
5.0
2020-05-05 CVE-2020-11036 Cross-site Scripting vulnerability in Glpi-Project Glpi
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities.
network
low complexity
glpi-project CWE-79
5.4
5.4
2020-05-05 CVE-2020-11035 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm.
network
low complexity
glpi-project fedoraproject CWE-327
critical
 9.3
9.3
2020-05-05 CVE-2020-11034 Open Redirect vulnerability in Glpi-Project Glpi
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp.
network
low complexity
glpi-project CWE-601
6.1
6.1
2020-05-05 CVE-2020-11033 Information Exposure vulnerability in multiple products
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User.
network
low complexity
glpi-project fedoraproject CWE-200
7.2
7.2