Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

glpi — Vulnerabilities & Security Advisories 164

All 164 CVE vulnerabilities found in glpi, with AI-generated Chinese analysis, references, and POCs.

This page aggregates Common Weakness Enumeration vulnerability data specifically for the GLPI product developed by the Teclib' vendor. It focuses on identifying security flaws and misconfigurations associated with this popular open-source IT asset management and service desk software. The collection encompasses a broad spectrum of vulnerability classes, including SQL injection, cross-site scripting, privilege escalation, and information disclosure issues. The time range covered extends from the initial public release of GLPI through to the most recent security advisories, providing a comprehensive historical view of the product's security landscape. This period captures the evolution of security patches and the remediation of critical flaws as the software matured and expanded its feature set. Users browsing this resource can track the vendor's security response patterns and advisory timelines to assess the reliability of their updates. Additionally, the page serves as a reference point for understanding the specific manifestations of common weakness classes within the GLPI ecosystem, helping developers and administrators identify recurring code patterns that lead to exploits. By examining the product's vulnerability history, stakeholders can perform risk assessments, prioritize patching efforts, and benchmark their deployment security against known public incidents. The data is structured to facilitate comparative analysis across different GLPI versions and releases. This aggregation aims to provide clear, actionable insights into the security posture of the software over time. It supports informed decision-making for IT professionals responsible for maintaining the integrity and availability of their GLPI installations in enterprise environments.

Vendor: INDEPNET Development Team

CVE IDTitleCVSSSeverityPublished
CVE-2022-35946 SQL injection through plugin controller in GLPI CWE-89 5.5 Medium2022-09-14
CVE-2022-35947 SQL injection in GLPI CWE-89 10.0 Critical2022-09-14
CVE-2022-36112 Blind Server-Side Request Forgery (SSRF) in GLPI CWE-918 3.5 Low2022-09-14
CVE-2022-35945 Cross site scripting (XSS) via registration API in GLPI CWE-79 6.3 Medium2022-09-14
CVE-2022-31143 Leak of sensitive information through login page error in GLPI CWE-200 5.3 Medium2022-09-14
CVE-2022-31061 SQL injection on login page in GLPI CWE-89 9.8 Critical2022-06-28
CVE-2022-31068 Sensitive Data Exposure on Refused Inventory Files in GLPI CWE-200 5.3 Medium2022-06-28
CVE-2022-31056 SQL injection with _actor parameter in GLPI CWE-89 9.8 Critical2022-06-28
CVE-2022-29250 SQL injection in GLPI CWE-89 8.1 High2022-06-09
CVE-2022-24876 Stored cross site scrpting in GLPI's Kanban CWE-79 5.4 Medium2022-06-09
CVE-2022-24869 Cross Site Scripting in GLPI CWE-79 4.6 Medium2022-04-21
CVE-2022-24868 Cross site scripting via SVG file upload in GLPI CWE-79 7.3 High2022-04-21
CVE-2022-24867 LDAP password exposure in glpi CWE-200 7.5 High2022-04-21
CVE-2021-39213 IP restriction on GLPI API Bypass with custom header injection CWE-74 6.8 Medium2021-09-15
CVE-2021-39211 Disclosure of GLPI and server information in telemetry endpoint CWE-200 5.3 Medium2021-09-15
CVE-2021-39210 Autologin cookie accessible by scripts CWE-1004 6.5 Medium2021-09-15
CVE-2021-39209 Bypassable CSRF protection CWE-352 8.8 High2021-09-15
CVE-2021-3486 GLPI 跨站脚本漏洞 CWE-79 6.1 -2021-05-26
CVE-2021-21324 Insecure Direct Object Reference (IDOR) on "Solutions" CWE-639 6.8 Medium2021-03-08
CVE-2021-21325 Stored XSS in budget type CWE-79 6.2 Medium2021-03-08
CVE-2021-21326 Horizontal Privilege Escalation CWE-862 7.7 High2021-03-08
CVE-2021-21327 Unsafe Reflection in getItemForItemtype() CWE-862 6.8 Medium2021-03-08
CVE-2021-21314 XSS injection on ticket update CWE-79 5.4 Medium2021-03-03
CVE-2021-21312 Stored XSS on documents CWE-79 5.4 Medium2021-03-03
CVE-2021-21313 XSS on tabs CWE-74 4.9 Medium2021-03-03
CVE-2021-21258 XSS injection in ajax/kanban CWE-79 6.8 Medium2021-03-02
CVE-2021-21255 entities switch IDOR CWE-862 5.8 Medium2021-03-02
CVE-2020-26212 Any GLPI CalDAV calendars is read-only for every authenticated user CWE-862 7.7 High2020-11-25
CVE-2020-15226 SQL Injection in GLPI Search API CWE-89 5.0 Medium2020-10-07
CVE-2020-15217 User data exposure in GLPI CWE-79 5.3 Medium2020-10-07

All 164 known CVE vulnerabilities affecting glpi with full Chinese analysis, references, and POCs where available.