GLPI — Vulnerabilities & Security Advisories 155

All 155 CVE vulnerabilities found in GLPI, with AI-generated Chinese analysis, references, and POCs.

Vendor: INDEPNET Development Team

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-23024 | GLPI: Plugins are disabled accessing one page | CWE-285 | 7.5 | - | 2025-02-25 |
| CVE-2025-21627 | GLPI Cross-site Scripting vulnerability | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-21626 | GLPI vulnerable to exposure of sensitive information in the `status.php` endpoint | CWE-200 | 5.8 | Medium | 2025-02-25 |
| CVE-2024-11955 | GLPI index.php redirect | CWE-601 | 4.3 | Medium | 2025-02-25 |
| CVE-2024-50339 | GLPI vulnerable to unauthenticated session hijacking | CWE-79 | 5.3 | - | 2024-12-11 |
| CVE-2024-48912 | GLPI vulnerable to authenticated insecure account deletion | CWE-284 | 6.5 | - | 2024-12-11 |
| CVE-2024-47761 | GLPI vulnerable to account takeover via the password reset feature | CWE-287 | 7.2 | - | 2024-12-11 |
| CVE-2024-47760 | GLPI vulnerable to account takeover via API | CWE-284 | 8.8 | - | 2024-12-11 |
| CVE-2024-47758 | GLPI vulnerable to account takeover without privilege escalation through the API | CWE-284 | 8.8 | - | 2024-12-11 |
| CVE-2024-43416 | GLPI vulnerable to enumeration of users' email addresses by unauthenticated user | CWE-200 | 7.5 | High | 2024-11-18 |
| CVE-2024-38370 | GLPI allows API document download without rights | CWE-285 | 5.3 | Medium | 2024-11-15 |
| CVE-2024-45611 | GLPI has a stored XSS at src/RSSFeed.php | CWE-79 | 5.7 | Medium | 2024-11-15 |
| CVE-2024-45610 | GLPI has a reflected XSS in ajax/cable.php | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-45609 | GLPI has a Reflected XSS in /front/stat.graph.php | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-45608 | GLPI has an Authenticated SQL Injection | CWE-89 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-43418 | GLPI has multiple reflected XSS | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-43417 | Reflected XSS in Software form | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-41679 | Authenticated SQL injection in ticket form | CWE-89 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-41678 | GLPI has multiple reflected XSS | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-40638 | GLPI allows account takeover via SQL Injection in AJAX scripts | CWE-89 | 8.1 | High | 2024-11-15 |
| CVE-2024-47759 | GLPI has a stored XSS via document upload | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-37149 | GLPI allows remote code execution through the plugin loader | CWE-73 | 7.2 | High | 2024-07-10 |
| CVE-2024-37148 | GLPI allows account takeover via SQL Injection in AJAX scripts | CWE-89 | 8.1 | High | 2024-07-10 |
| CVE-2024-37147 | GLPI allows Authenticated File Upload to Restricted Tickets | CWE-284 | 4.3 | Medium | 2024-07-10 |
| CVE-2024-31456 | GLPI contains an authenticated SQL injection | CWE-89 | 7.7 | High | 2024-05-07 |
| CVE-2024-29889 | GLPI contains an SQL injection through the saved searches | CWE-89 | 7.1 | High | 2024-05-07 |
| CVE-2024-27914 | Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI | CWE-79 | 5.3 | Medium | 2024-03-18 |
| CVE-2024-27104 | Stored XSS in dashboards in GLPI | CWE-79 | 4.5 | Medium | 2024-03-18 |
| CVE-2024-27098 | Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI | CWE-918 | 6.4 | Medium | 2024-03-18 |
| CVE-2024-27096 | SQL Injection in through the search engine | CWE-89 | 7.7 | High | 2024-03-18 |

All 155 known CVE vulnerabilities affecting GLPI with full Chinese analysis, references, and POCs where available.