Vulnerabilities > Glpi Project

DATE CVE VULNERABILITY TITLE RISK
2020-10-07 CVE-2020-15177 Cross-site Scripting vulnerability in Glpi-Project Glpi
In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`.
4.3
2020-10-07 CVE-2020-15176 SQL Injection vulnerability in Glpi-Project Glpi
In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur.
network
low complexity
glpi-project CWE-89
5.0
2020-10-07 CVE-2020-15175 Files or Directories Accessible to External Parties vulnerability in Glpi-Project Glpi
In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin.
network
low complexity
glpi-project CWE-552
6.4
2020-09-23 CVE-2020-11031 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Glpi-Project Glpi
In GLPI before version 9.5.0, the encryption algorithm used is insecure.
network
low complexity
glpi-project CWE-327
5.0
2020-07-17 CVE-2020-15108 SQL Injection vulnerability in Glpi-Project Glpi
In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature.
network
low complexity
glpi-project CWE-89
4.0
2020-05-12 CVE-2020-11062 Cross-site Scripting vulnerability in Glpi-Project Glpi
In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type.
3.5
2020-05-12 CVE-2020-11060 Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.
network
low complexity
glpi-project CWE-352
critical
9.0
2020-05-12 CVE-2020-5248 Use of Hard-coded Credentials vulnerability in Glpi-Project Glpi
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key.
network
low complexity
glpi-project CWE-798
5.0
2020-05-05 CVE-2020-11036 Cross-site Scripting vulnerability in Glpi-Project Glpi
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities.
3.5
2020-05-05 CVE-2020-11035 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm.
network
low complexity
glpi-project fedoraproject CWE-327
6.4