Vulnerabilities > Glpi Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-35924 | SQL Injection vulnerability in Glpi-Project Glpi GLPI is a free asset and IT management software package. | 9.8 |
| 2023-07-05 | CVE-2023-34106 | Incorrect Authorization vulnerability in Glpi-Project Glpi GLPI is a free asset and IT management software package. | 6.5 |
| 2023-06-23 | CVE-2023-34254 | OS Command Injection vulnerability in Glpi-Project Glpi Agent The GLPI Agent is a generic management agent. | 7.2 |
| 2023-04-16 | CVE-2022-34125 | Information Exposure vulnerability in Glpi-Project Cmdb front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter. | 6.5 |
| 2023-04-16 | CVE-2022-34126 | Path Traversal vulnerability in Glpi-Project Activity The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter. | 7.5 |
| 2023-04-16 | CVE-2022-34127 | Path Traversal vulnerability in Glpi-Project Manageentities The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter. | 7.5 |
| 2023-04-16 | CVE-2022-34128 | Unrestricted Upload of File with Dangerous Type vulnerability in Glpi-Project Positions The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php. | 9.8 |
| 2023-01-26 | CVE-2023-22500 | Incorrect Authorization vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package. | 7.5 |
| 2023-01-26 | CVE-2023-22722 | Cross-site Scripting vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package. | 6.1 |
| 2023-01-26 | CVE-2023-22724 | Cross-site Scripting vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package. | 4.8 |