Vulnerabilities > Glpi Project > Glpi

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-5248 Use of Hard-coded Credentials vulnerability in Glpi-Project Glpi
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key.
network
low complexity
glpi-project CWE-798
5.3
5.3
2020-05-05 CVE-2020-11036 Cross-site Scripting vulnerability in Glpi-Project Glpi
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities.
network
low complexity
glpi-project CWE-79
5.4
5.4
2020-05-05 CVE-2020-11035 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm.
network
low complexity
glpi-project fedoraproject CWE-327
critical
 9.3
9.3
2020-05-05 CVE-2020-11034 Open Redirect vulnerability in Glpi-Project Glpi
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp.
network
low complexity
glpi-project CWE-601
6.1
6.1
2020-05-05 CVE-2020-11033 Information Exposure vulnerability in multiple products
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User.
network
low complexity
glpi-project fedoraproject CWE-200
7.2
7.2
2020-05-05 CVE-2020-11032 SQL Injection vulnerability in Glpi-Project Glpi 9.4.5
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances.
network
low complexity
glpi-project CWE-89
7.2
7.2
2019-11-01 CVE-2013-2227 Improper Input Validation vulnerability in multiple products
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
network
low complexity
glpi-project debian CWE-20
7.5
7.5
2019-09-25 CVE-2019-14666 Information Exposure vulnerability in Glpi-Project Glpi
GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature.
network
low complexity
glpi-project CWE-200
8.8
8.8
2019-07-15 CVE-2019-1010307 Cross-site Scripting vulnerability in Glpi-Project Glpi 9.3.1
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS).
network
low complexity
glpi-project CWE-79
5.4
5.4
2019-07-12 CVE-2019-1010310 Injection vulnerability in Glpi-Project Glpi 9.3.1
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description.
network
low complexity
glpi-project CWE-74
3.5
3.5