Vulnerabilities > Glpi Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-05 | CVE-2020-11034 | Open Redirect vulnerability in Glpi-Project Glpi In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. | 6.1 |
| 2020-05-05 | CVE-2020-11033 | Information Exposure vulnerability in multiple products In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. | 7.2 |
| 2020-05-05 | CVE-2020-11032 | SQL Injection vulnerability in Glpi-Project Glpi 9.4.5 In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. | 6.5 |
| 2019-11-01 | CVE-2013-2227 | Improper Input Validation vulnerability in multiple products GLPI 0.83.7 has Local File Inclusion in common.tabs.php. | 5.0 |
| 2019-09-25 | CVE-2019-14666 | Information Exposure vulnerability in Glpi-Project Glpi GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. | 6.5 |
| 2019-07-15 | CVE-2019-1010307 | Cross-site Scripting vulnerability in Glpi-Project Glpi 9.3.1 GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). | 3.5 |
| 2019-07-12 | CVE-2019-1010310 | Injection vulnerability in Glpi-Project Glpi 9.3.1 GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. | 3.5 |
| 2019-07-10 | CVE-2019-13240 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Glpi-Project Glpi An issue was discovered in GLPI before 9.4.1. | 4.3 |
| 2019-07-04 | CVE-2019-13239 | Cross-site Scripting vulnerability in Glpi-Project Glpi inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. | 4.3 |
| 2019-03-29 | CVE-2019-10477 | Data Processing Errors vulnerability in Fusioninventory The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. | 5.0 |