Vulnerabilities > Glpi Project > Glpi > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-19 | CVE-2022-35914 | Injection vulnerability in Glpi-Project Glpi /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. | 9.8 |
| 2020-10-07 | CVE-2020-15175 | Files or Directories Accessible to External Parties vulnerability in Glpi-Project Glpi In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. | 9.1 |
| 2020-05-12 | CVE-2020-11060 | Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. | 9.0 |
| 2020-05-05 | CVE-2020-11035 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. | 9.3 |
| 2015-10-05 | CVE-2015-7684 | Unspecified vulnerability in Glpi-Project Glpi Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/. | 9.0 |