Vulnerabilities > Glpi Project > Glpi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-19 | CVE-2016-7509 | Cross-site Scripting vulnerability in Glpi-Project Glpi 0.90.4 Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. | 5.4 |
| 2017-07-19 | CVE-2016-7507 | Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi 0.90.4 Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | 8.0 |
| 2017-07-17 | CVE-2017-11329 | SQL Injection vulnerability in Glpi-Project Glpi GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | 9.8 |
| 2017-06-21 | CVE-2016-7508 | SQL Injection vulnerability in Glpi-Project Glpi 0.90.4 Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. | 7.5 |