Vulnerabilities > Glpi Project > Glpi > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-03 | CVE-2022-39323 | SQL Injection vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique. | 9.8 |
| 2022-09-19 | CVE-2022-35914 | Injection vulnerability in Glpi-Project Glpi /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. | 9.8 |
| 2022-09-14 | CVE-2022-35947 | Unspecified vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 9.8 |
| 2022-06-28 | CVE-2022-31061 | Unspecified vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. | 9.8 |
| 2022-06-28 | CVE-2022-31056 | Unspecified vulnerability in Glpi-Project Glpi 10.0.0/10.0.1 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. | 9.8 |
| 2022-03-28 | CVE-2021-44617 | SQL Injection vulnerability in Glpi-Project Glpi 9.4.6 A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. | 9.8 |
| 2020-10-07 | CVE-2020-15175 | Unspecified vulnerability in Glpi-Project Glpi In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. | 9.1 |
| 2020-05-05 | CVE-2020-11035 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. | 9.3 |
| 2017-07-28 | CVE-2017-11184 | SQL Injection vulnerability in Glpi-Project Glpi SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | 9.8 |
| 2017-07-20 | CVE-2017-11474 | SQL Injection vulnerability in Glpi-Project Glpi GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | 9.8 |