Vulnerabilities > Glpi Project > Glpi > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-28 | CVE-2022-31061 | SQL Injection vulnerability in Glpi-Project Glpi: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. | 7.5 |
2022-04-21 | CVE-2022-24867 | Insufficiently Protected Credentials vulnerability in Glpi-Project Glpi: GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 7.8 |
2022-03-28 | CVE-2021-44617 | SQL Injection vulnerability in Glpi-Project Glpi 9.4.6: A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. | 7.5 |
2021-03-08 | CVE-2021-21327 | Unsafe Reflection vulnerability in Glpi-Project Glpi: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 7.5 |
2020-05-05 | CVE-2020-11033 | Information Exposure vulnerability in multiple products: In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. | 7.2 |
2017-07-28 | CVE-2017-11184 | SQL Injection vulnerability in Glpi-Project Glpi: SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | 7.5 |
2017-07-20 | CVE-2017-11474 | SQL Injection vulnerability in Glpi-Project Glpi: GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | 7.5 |
2017-07-17 | CVE-2017-11329 | SQL Injection vulnerability in Glpi-Project Glpi: GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | 7.5 |
2015-04-14 | CVE-2014-8360 | Path Traversal vulnerability in Glpi-Project Glpi: Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php. | 7.5 |
2014-05-14 | CVE-2013-2226 | SQL Injection vulnerability in Glpi-Project Glpi: Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php. | 7.5 |