Vulnerabilities > Glpi Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-07 | CVE-2020-15175 | Unspecified vulnerability in Glpi-Project Glpi In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. | 9.1 |
2020-09-23 | CVE-2020-11031 | Unspecified vulnerability in Glpi-Project Glpi In GLPI before version 9.5.0, the encryption algorithm used is insecure. | 7.5 |
2020-07-17 | CVE-2020-15108 | SQL Injection vulnerability in Glpi-Project Glpi In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. | 7.1 |
2020-05-12 | CVE-2020-11062 | Cross-site Scripting vulnerability in Glpi-Project Glpi In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. | 5.4 |
2020-05-12 | CVE-2020-11060 | Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. | 8.8 |
2020-05-12 | CVE-2020-5248 | Use of Hard-coded Credentials vulnerability in Glpi-Project Glpi GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. | 5.3 |
2020-05-05 | CVE-2020-11036 | Cross-site Scripting vulnerability in Glpi-Project Glpi In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. | 5.4 |
2020-05-05 | CVE-2020-11035 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. | 9.3 |
2020-05-05 | CVE-2020-11034 | Open Redirect vulnerability in Glpi-Project Glpi In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. | 6.1 |
2020-05-05 | CVE-2020-11033 | Information Exposure vulnerability in multiple products In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. | 7.2 |