
Glpi-Project — Vulnerabilities & Security Advisories (160)

Browse all 160 CVE security advisories affecting Glpi-Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

glpi-project develops an open-source IT asset management and service desk solution widely used for tracking hardware, software, and support tickets. Its architecture, primarily built on PHP and MySQL, has historically exposed it to a significant volume of security flaws, currently totaling 160 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation or improper access controls. Privilege escalation remains a persistent risk, allowing unauthorized users to gain administrative rights. While the project maintains an active development cycle to address these issues, the sheer number of disclosed defects highlights challenges in maintaining rigorous code security standards across its extensive feature set. These incidents underscore the critical need for regular patching and secure configuration management for organizations deploying this widely adopted IT management platform.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint | glpi | CWE-89 | 7.5 | High | 2025-03-18 |
| CVE-2025-21619 | GLPI allows SQL injection through the rules configuration | glpi | CWE-89 | 7.2 | - | 2025-03-18 |
| CVE-2025-26626 | GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting | glpi-inventory-plugin | CWE-79 | 6.5 | Medium | 2025-03-14 |
| CVE-2025-25192 | GLPI allows unauthorized access to debug mode | glpi | CWE-200 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-23046 | GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin | glpi | CWE-303 | 8.8 | - | 2025-02-25 |
| CVE-2025-23024 | GLPI: Plugins are disabled accessing one page | glpi | CWE-285 | 7.5 | - | 2025-02-25 |
| CVE-2025-21627 | GLPI Cross-site Scripting vulnerability | glpi | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-21626 | GLPI vulnerable to exposure of sensitive information in the `status.php` endpoint | glpi | CWE-200 | 5.8 | Medium | 2025-02-25 |
| CVE-2024-50339 | GLPI vulnerable to unauthenticated session hijacking | glpi | CWE-79 | 5.3 | - | 2024-12-11 |
| CVE-2024-48912 | GLPI vulnerable to authenticated insecure account deletion | glpi | CWE-284 | 6.5 | - | 2024-12-11 |
| CVE-2024-47761 | GLPI vulnerable to account takeover via the password reset feature | glpi | CWE-287 | 7.2 | - | 2024-12-11 |
| CVE-2024-47760 | GLPI vulnerable to account takeover via API | glpi | CWE-284 | 8.8 | - | 2024-12-11 |
| CVE-2024-47758 | GLPI vulnerable to account takeover without privilege escalation through the API | glpi | CWE-284 | 8.8 | - | 2024-12-11 |
| CVE-2024-43416 | GLPI vulnerable to enumeration of users' email addresses by unauthenticated user | glpi | CWE-200 | 7.5 | High | 2024-11-18 |
| CVE-2024-38370 | GLPI allows API document download without rights | glpi | CWE-285 | 5.3 | Medium | 2024-11-15 |
| CVE-2024-45611 | GLPI has a stored XSS at src/RSSFeed.php | glpi | CWE-79 | 5.7 | Medium | 2024-11-15 |
| CVE-2024-45610 | GLPI has a reflected XSS in ajax/cable.php | glpi | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-45609 | GLPI has a Reflected XSS in /front/stat.graph.php | glpi | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-45608 | GLPI has an Authenticated SQL Injection | glpi | CWE-89 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-43418 | GLPI has multiple reflected XSS | glpi | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-43417 | Reflected XSS in Software form | glpi | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-41679 | Authenticated SQL injection in ticket form | glpi | CWE-89 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-41678 | GLPI has multiple reflected XSS | glpi | CWE-79 | 6.5 | Medium | 2024-11-15 |
| CVE-2024-40638 | GLPI allows account takeover via SQL Injection in AJAX scripts | glpi | CWE-89 | 8.1 | High | 2024-11-15 |
| CVE-2024-47759 | GLPI has a stored XSS via document upload | glpi | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-37149 | GLPI allows remote code execution through the plugin loader | glpi | CWE-73 | 7.2 | High | 2024-07-10 |
| CVE-2024-37148 | GLPI allows account takeover via SQL Injection in AJAX scripts | glpi | CWE-89 | 8.1 | High | 2024-07-10 |
| CVE-2024-37147 | GLPI allows Authenticated File Upload to Restricted Tickets | glpi | CWE-284 | 4.3 | Medium | 2024-07-10 |
| CVE-2024-31456 | GLPI contains an authenticated SQL injection | glpi | CWE-89 | 7.7 | High | 2024-05-07 |
| CVE-2024-29889 | GLPI contains an SQL injection through the saved searches | glpi | CWE-89 | 7.1 | High | 2024-05-07 |

This page lists every published CVE security advisory associated with Glpi-Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.