Vulnerabilities > Glpi Project > Glpi > 9.4.5

DATE CVE VULNERABILITY TITLE RISK
2020-05-05 CVE-2020-11033 Information Exposure vulnerability in multiple products
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User.
network
low complexity
glpi-project fedoraproject CWE-200
7.2
7.2
2020-05-05 CVE-2020-11032 SQL Injection vulnerability in Glpi-Project Glpi 9.4.5
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances.
network
low complexity
glpi-project CWE-89
7.2
7.2