Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

GLPI — Vulnerabilities & Security Advisories 155

All 155 CVE vulnerabilities found in GLPI, with AI-generated Chinese analysis, references, and POCs.

Vendor: INDEPNET Development Team

CVE IDTitleCVSSSeverityPaused
CVE-2024-27930 Sensitive fields access through dropdowns in GLPI CWE-285 6.5 Medium2024-03-18
CVE-2024-27937 glpi Users emails enumeration CWE-285 6.5 Medium2024-03-18
CVE-2023-51446 GLPI LDAP Injection during authentication CWE-90 5.9 Medium2024-02-01
CVE-2024-23645 GLPI reflected XSS in reports pages CWE-79 6.5 Medium2024-02-01
CVE-2023-46727 GLPI SQL injection through inventory agent request CWE-89 8.6 High2023-12-13
CVE-2023-46726 GLPI Remote code execution from LDAP server configuration form on PHP 7.4 CWE-74 7.2 High2023-12-13
CVE-2023-43813 glpi Authenticated SQL Injection CWE-89 6.5 Medium2023-12-13
CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution CWE-20 10.0 Critical2023-11-02
CVE-2023-42462 File deletion through document upload process in GLPI CWE-22 7.7 High2023-09-26
CVE-2023-42461 SQL injection in ITIL actors in GLPI CWE-89 6.5 Medium2023-09-26
CVE-2023-41888 Phishing through a login page malicious URL in GLPI CWE-22 5.3 Medium2023-09-26
CVE-2023-41326 Account takeover via Kanban feature in GLPI CWE-269 8.1 High2023-09-26
CVE-2023-41324 Account takeover through API in GLPI CWE-269 8.1 High2023-09-26
CVE-2023-41323 Users login enumeration by unauthenticated user in GLPI CWE-200 5.3 Medium2023-09-26
CVE-2023-41322 Privilege Escalation from technician to super-admin in GLPI CWE-284 4.9 Medium2023-09-26
CVE-2023-41321 Sensitive fields enumeration through API in GLPI CWE-200 4.9 Medium2023-09-26
CVE-2023-41320 Account takeover via SQL Injection in UI layout preferences in GLPI CWE-89 8.1 High2023-09-26
CVE-2023-37278 GLPI vulnerable to SQL injection via dashboard administration CWE-89 6.8 Medium2023-07-13
CVE-2023-36808 GLPI vulnerable to SQL injection through Computer Virtual Machine information CWE-89 8.6 High2023-07-05
CVE-2023-35940 GLPI vulnerable to unauthenticated access to Dashboard data CWE-284 7.5 High2023-07-05
CVE-2023-35939 GLPI vulnerable to unauthorized access to Dashboard data CWE-284 8.1 High2023-07-05
CVE-2023-35924 GLPI vulnerable to SQL injection via inventory agent request CWE-89 8.6 High2023-07-05
CVE-2023-34244 GLPI vulnerable to reflected XSS in search pages CWE-79 6.5 Medium2023-07-05
CVE-2023-34107 GLPI vulnerable to unauthorized access to KnowbaseItem data CWE-284 6.5 Medium2023-07-05
CVE-2023-34106 GLPI vulnerable to unauthorized access to User data CWE-284 6.5 Medium2023-07-05
CVE-2023-28852 GLPI vulnerable to stored Cross-site Scripting through dashboard administration CWE-79 4.8 Medium2023-04-05
CVE-2023-28849 GLPI vulnerable to SQL injection and Stored XSS via inventory agent request CWE-89 10.0 Critical2023-04-05
CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports CWE-89 9.6 Critical2023-04-05
CVE-2023-28636 GLPI vulnerable to stored Cross-site Scripting in external links CWE-79 4.5 Medium2023-04-05
CVE-2023-28634 GLPI vulnerable to Privilege Escalation from Technician to Super-Admin CWE-285 8.8 High2023-04-05

All 155 known CVE vulnerabilities affecting GLPI with full Chinese analysis, references, and POCs where available.