Vulnerabilities > Glpi Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-05 | CVE-2020-11034 | Open Redirect vulnerability in Glpi-Project Glpi In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. | 6.1 |
| 2020-05-05 | CVE-2020-11032 | SQL Injection vulnerability in Glpi-Project Glpi 9.4.5 In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. | 6.5 |
| 2019-11-01 | CVE-2013-2227 | Improper Input Validation vulnerability in multiple products GLPI 0.83.7 has Local File Inclusion in common.tabs.php. | 5.0 |
| 2019-09-25 | CVE-2019-14666 | Information Exposure vulnerability in Glpi-Project Glpi GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. | 6.5 |
| 2019-07-10 | CVE-2019-13240 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Glpi-Project Glpi An issue was discovered in GLPI before 9.4.1. | 4.3 |
| 2019-07-04 | CVE-2019-13239 | Cross-site Scripting vulnerability in Glpi-Project Glpi inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. | 4.3 |
| 2019-03-29 | CVE-2019-10477 | Data Processing Errors vulnerability in Fusioninventory The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. | 5.0 |
| 2019-03-27 | CVE-2019-10233 | Information Exposure Through Discrepancy vulnerability in Glpi-Project Glpi Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | 6.8 |
| 2018-07-02 | CVE-2018-13049 | SQL Injection vulnerability in Glpi-Project Glpi The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | 6.5 |
| 2018-03-12 | CVE-2018-7563 | Cross-site Scripting vulnerability in Glpi-Project Glpi An issue was discovered in GLPI through 9.2.1. | 4.3 |