Vulnerabilities > Glpi Project > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-03 CVE-2022-39323 SQL Injection vulnerability in Glpi-Project Glpi
GLPI stands for Gestionnaire Libre de Parc Informatique.
network
low complexity
glpi-project CWE-89
critical
9.8
2022-09-19 CVE-2022-35914 Injection vulnerability in Glpi-Project Glpi
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
network
low complexity
glpi-project CWE-74
critical
9.8
2020-10-07 CVE-2020-15175 Files or Directories Accessible to External Parties vulnerability in Glpi-Project Glpi
In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin.
network
low complexity
glpi-project CWE-552
critical
9.1
2020-05-12 CVE-2020-11060 Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.
network
low complexity
glpi-project CWE-352
critical
9.0
2020-05-05 CVE-2020-11035 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm.
network
low complexity
glpi-project fedoraproject CWE-327
critical
9.3
2015-10-05 CVE-2015-7684 Unspecified vulnerability in Glpi-Project Glpi
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/.
network
low complexity
glpi-project
critical
9.0