High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2023-22500	Incorrect Authorization vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package. network low complexity glpi-project CWE-863	7.5
2022-11-03	CVE-2022-39234	Insufficient Session Expiration vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique. network low complexity glpi-project CWE-613	8.8
2022-06-28	CVE-2022-31056	SQL Injection vulnerability in Glpi-Project Glpi 10.0.0/10.0.1 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. network low complexity glpi-project CWE-89	7.5
2022-06-28	CVE-2022-31061	SQL Injection vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. network low complexity glpi-project CWE-89	7.5
2022-06-27	CVE-2022-31082	SQL Injection vulnerability in Glpi-Project Glpi Inventory 1.0.0/1.0.1 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. network low complexity glpi-project CWE-89	7.5
2022-04-21	CVE-2022-24867	Insufficiently Protected Credentials vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. network low complexity glpi-project CWE-522	7.8
2022-03-28	CVE-2021-44617	SQL Injection vulnerability in Glpi-Project Glpi 9.4.6 A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. network low complexity glpi-project CWE-89	7.5
2021-03-08	CVE-2021-21327	Unsafe Reflection vulnerability in Glpi-Project Glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. network low complexity glpi-project CWE-470	7.5
2020-05-05	CVE-2020-11033	Information Exposure vulnerability in multiple products In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. network low complexity glpi-project fedoraproject CWE-200	7.2
2017-07-28	CVE-2017-11184	SQL Injection vulnerability in Glpi-Project Glpi SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. network low complexity glpi-project CWE-89	7.5