glpi — Vulnerabilities & Security Advisories 164

All 164 CVE vulnerabilities found in glpi, with AI-generated Chinese analysis, references, and POCs.

This page aggregates Common Weakness Enumeration vulnerability data specifically for the GLPI product developed by the Teclib' vendor. It focuses on identifying security flaws and misconfigurations associated with this popular open-source IT asset management and service desk software. The collection encompasses a broad spectrum of vulnerability classes, including SQL injection, cross-site scripting, privilege escalation, and information disclosure issues. The time range covered extends from the initial public release of GLPI through to the most recent security advisories, providing a comprehensive historical view of the product's security landscape. This period captures the evolution of security patches and the remediation of critical flaws as the software matured and expanded its feature set. Users browsing this resource can track the vendor's security response patterns and advisory timelines to assess the reliability of their updates. Additionally, the page serves as a reference point for understanding the specific manifestations of common weakness classes within the GLPI ecosystem, helping developers and administrators identify recurring code patterns that lead to exploits. By examining the product's vulnerability history, stakeholders can perform risk assessments, prioritize patching efforts, and benchmark their deployment security against known public incidents. The data is structured to facilitate comparative analysis across different GLPI versions and releases. This aggregation aims to provide clear, actionable insights into the security posture of the software over time. It supports informed decision-making for IT professionals responsible for maintaining the integrity and availability of their GLPI installations in enterprise environments.

Vendor: INDEPNET Development Team

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-37149 | GLPI allows remote code execution through the plugin loader | CWE-73 | 7.2 | High | 2024-07-10 |
| CVE-2024-37148 | GLPI allows account takeover via SQL Injection in AJAX scripts | CWE-89 | 8.1 | High | 2024-07-10 |
| CVE-2024-37147 | GLPI allows Authenticated File Upload to Restricted Tickets | CWE-284 | 4.3 | Medium | 2024-07-10 |
| CVE-2024-31456 | GLPI contains an authenticated SQL injection | CWE-89 | 7.7 | High | 2024-05-07 |
| CVE-2024-29889 | GLPI contains an SQL injection through the saved searches | CWE-89 | 7.1 | High | 2024-05-07 |
| CVE-2024-27914 | Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI | CWE-79 | 5.3 | Medium | 2024-03-18 |
| CVE-2024-27104 | Stored XSS in dashboards in GLPI | CWE-79 | 4.5 | Medium | 2024-03-18 |
| CVE-2024-27098 | Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI | CWE-918 | 6.4 | Medium | 2024-03-18 |
| CVE-2024-27096 | SQL Injection in through the search engine | CWE-89 | 7.7 | High | 2024-03-18 |
| CVE-2024-27930 | Sensitive fields access through dropdowns in GLPI | CWE-285 | 6.5 | Medium | 2024-03-18 |
| CVE-2024-27937 | glpi Users emails enumeration | CWE-285 | 6.5 | Medium | 2024-03-18 |
| CVE-2023-51446 | GLPI LDAP Injection during authentication | CWE-90 | 5.9 | Medium | 2024-02-01 |
| CVE-2024-23645 | GLPI reflected XSS in reports pages | CWE-79 | 6.5 | Medium | 2024-02-01 |
| CVE-2023-46727 | GLPI SQL injection through inventory agent request | CWE-89 | 8.6 | High | 2023-12-13 |
| CVE-2023-46726 | GLPI Remote code execution from LDAP server configuration form on PHP 7.4 | CWE-74 | 7.2 | High | 2023-12-13 |
| CVE-2023-43813 | glpi Authenticated SQL Injection | CWE-89 | 6.5 | Medium | 2023-12-13 |
| CVE-2023-42802 | GLPI vulnerable to unallowed PHP script execution | CWE-20 | 10.0 | Critical | 2023-11-02 |
| CVE-2023-42462 | File deletion through document upload process in GLPI | CWE-22 | 7.7 | High | 2023-09-26 |
| CVE-2023-42461 | SQL injection in ITIL actors in GLPI | CWE-89 | 6.5 | Medium | 2023-09-26 |
| CVE-2023-41888 | Phishing through a login page malicious URL in GLPI | CWE-22 | 5.3 | Medium | 2023-09-26 |
| CVE-2023-41326 | Account takeover via Kanban feature in GLPI | CWE-269 | 8.1 | High | 2023-09-26 |
| CVE-2023-41324 | Account takeover through API in GLPI | CWE-269 | 8.1 | High | 2023-09-26 |
| CVE-2023-41323 | Users login enumeration by unauthenticated user in GLPI | CWE-200 | 5.3 | Medium | 2023-09-26 |
| CVE-2023-41322 | Privilege Escalation from technician to super-admin in GLPI | CWE-284 | 4.9 | Medium | 2023-09-26 |
| CVE-2023-41321 | Sensitive fields enumeration through API in GLPI | CWE-200 | 4.9 | Medium | 2023-09-26 |
| CVE-2023-41320 | Account takeover via SQL Injection in UI layout preferences in GLPI | CWE-89 | 8.1 | High | 2023-09-26 |
| CVE-2023-37278 | GLPI vulnerable to SQL injection via dashboard administration | CWE-89 | 6.8 | Medium | 2023-07-13 |
| CVE-2023-36808 | GLPI vulnerable to SQL injection through Computer Virtual Machine information | CWE-89 | 8.6 | High | 2023-07-05 |
| CVE-2023-35940 | GLPI vulnerable to unauthenticated access to Dashboard data | CWE-284 | 7.5 | High | 2023-07-05 |
| CVE-2023-35939 | GLPI vulnerable to unauthorized access to Dashboard data | CWE-284 | 8.1 | High | 2023-07-05 |

All 164 known CVE vulnerabilities affecting glpi with full Chinese analysis, references, and POCs where available.