Vulnerabilities > Glpi Project > Glpi > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-08 | CVE-2021-21327 | Unsafe Reflection vulnerability in Glpi-Project Glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 7.5 |
| 2020-10-07 | CVE-2020-15176 | Unspecified vulnerability in Glpi-Project Glpi In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. | 8.6 |
| 2020-09-23 | CVE-2020-11031 | Unspecified vulnerability in Glpi-Project Glpi In GLPI before version 9.5.0, the encryption algorithm used is insecure. | 7.5 |
| 2020-07-17 | CVE-2020-15108 | SQL Injection vulnerability in Glpi-Project Glpi In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. | 7.1 |
| 2020-05-12 | CVE-2020-11060 | Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. | 8.8 |
| 2020-05-05 | CVE-2020-11033 | Information Exposure vulnerability in multiple products In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. | 7.2 |
| 2020-05-05 | CVE-2020-11032 | SQL Injection vulnerability in Glpi-Project Glpi 9.4.5 In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. | 7.2 |
| 2019-11-01 | CVE-2013-2227 | Improper Input Validation vulnerability in multiple products GLPI 0.83.7 has Local File Inclusion in common.tabs.php. | 7.5 |
| 2019-09-25 | CVE-2019-14666 | Information Exposure vulnerability in Glpi-Project Glpi GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. | 8.8 |
| 2019-03-27 | CVE-2019-10233 | Information Exposure Through Discrepancy vulnerability in Glpi-Project Glpi Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | 8.1 |