Vulnerabilities > Glpi Project

DATE CVE VULNERABILITY TITLE RISK
2019-07-15 CVE-2019-1010307 Cross-site Scripting vulnerability in Glpi-Project Glpi 9.3.1
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS).
network
low complexity
glpi-project CWE-79
5.4
2019-07-12 CVE-2019-1010310 Injection vulnerability in Glpi-Project Glpi 9.3.1
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description.
network
low complexity
glpi-project CWE-74
3.5
2019-07-10 CVE-2019-13240 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Glpi-Project Glpi
An issue was discovered in GLPI before 9.4.1.
network
high complexity
glpi-project CWE-640
5.9
2019-07-04 CVE-2019-13239 Cross-site Scripting vulnerability in Glpi-Project Glpi
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
network
low complexity
glpi-project CWE-79
6.1
2019-03-27 CVE-2019-10233 Information Exposure Through Discrepancy vulnerability in Glpi-Project Glpi
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
network
high complexity
glpi-project CWE-203
8.1
2018-07-02 CVE-2018-13049 SQL Injection vulnerability in Glpi-Project Glpi
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
network
low complexity
glpi-project CWE-89
8.8
2018-03-12 CVE-2018-7563 Cross-site Scripting vulnerability in Glpi-Project Glpi
An issue was discovered in GLPI through 9.2.1.
network
low complexity
glpi-project CWE-79
6.1
2018-03-12 CVE-2018-7562 Unrestricted Upload of File with Dangerous Type vulnerability in Glpi-Project Glpi
A remote code execution issue was discovered in GLPI through 9.2.1.
network
high complexity
glpi-project CWE-434
7.5
2017-07-28 CVE-2017-11184 SQL Injection vulnerability in Glpi-Project Glpi
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.
network
low complexity
glpi-project CWE-89
critical
9.8
2017-07-28 CVE-2017-11183 Improper Input Validation vulnerability in Glpi-Project Glpi
front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.
network
low complexity
glpi-project CWE-20
4.9