Vulnerabilities > Glpi Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-29 | CVE-2019-10477 | Data Processing Errors vulnerability in Fusioninventory The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. | 5.0 |
| 2019-03-27 | CVE-2019-10233 | Information Exposure Through Discrepancy vulnerability in Glpi-Project Glpi Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | 6.8 |
| 2018-07-02 | CVE-2018-13049 | SQL Injection vulnerability in Glpi-Project Glpi The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | 6.5 |
| 2018-03-12 | CVE-2018-7563 | Cross-site Scripting vulnerability in Glpi-Project Glpi An issue was discovered in GLPI through 9.2.1. | 4.3 |
| 2018-03-12 | CVE-2018-7562 | Race Condition vulnerability in Glpi-Project Glpi A remote code execution issue was discovered in GLPI through 9.2.1. | 6.0 |
| 2017-07-28 | CVE-2017-11184 | SQL Injection vulnerability in Glpi-Project Glpi SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | 7.5 |
| 2017-07-28 | CVE-2017-11183 | Improper Input Validation vulnerability in Glpi-Project Glpi front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | 5.5 |
| 2017-07-20 | CVE-2017-11475 | SQL Injection vulnerability in Glpi-Project Glpi GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | 6.5 |
| 2017-07-20 | CVE-2017-11474 | SQL Injection vulnerability in Glpi-Project Glpi GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | 7.5 |
| 2017-07-19 | CVE-2016-7509 | Cross-site Scripting vulnerability in Glpi-Project Glpi 0.90.4 Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. | 3.5 |