Glpi-Project — Vulnerabilities & Security Advisories 160

Browse all 160 CVE security advisories affecting Glpi-Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

glpi-project develops an open-source IT asset management and service desk solution widely used for tracking hardware, software, and support tickets. Its architecture, primarily built on PHP and MySQL, has historically exposed it to a significant volume of security flaws, currently totaling 160 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation or improper access controls. Privilege escalation remains a persistent risk, allowing unauthorized users to gain administrative rights. While the project maintains an active development cycle to address these issues, the sheer number of disclosed defects highlights challenges in maintaining rigorous code security standards across its extensive feature set. These incidents underscore the critical need for regular patching and secure configuration management for organizations deploying this widely adopted IT management platform.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-34106 | GLPI vulnerable to unauthorized access to User data | glpi | CWE-284 | 6.5 | Medium | 2023-07-05 |
| CVE-2023-34254 | Remote inventory task command injection when using ssh command mode | glpi-agent | CWE-78 | 7.7 | High | 2023-06-23 |
| CVE-2023-28852 | GLPI vulnerable to stored Cross-site Scripting through dashboard administration | glpi | CWE-79 | 4.8 | Medium | 2023-04-05 |
| CVE-2023-28849 | GLPI vulnerable to SQL injection and Stored XSS via inventory agent request | glpi | CWE-89 | 10.0 | Critical | 2023-04-05 |
| CVE-2023-28838 | GLPI vulnerable to SQL injection through dynamic reports | glpi | CWE-89 | 9.6 | Critical | 2023-04-05 |
| CVE-2023-28636 | GLPI vulnerable to stored Cross-site Scripting in external links | glpi | CWE-79 | 4.5 | Medium | 2023-04-05 |
| CVE-2023-28634 | GLPI vulnerable to Privilege Escalation from Technician to Super-Admin | glpi | CWE-285 | 8.8 | High | 2023-04-05 |
| CVE-2023-28633 | GLPI vulnerable to Blind Server-Side Request Forgery (SSRF) in RSS feeds | glpi | CWE-918 | 3.5 | Low | 2023-04-05 |
| CVE-2023-28632 | GLPI vulnerable to account takeover by authenticated user | glpi | CWE-269 | 8.1 | High | 2023-04-05 |
| CVE-2022-41941 | glpi contains XSS Stored inside Standard Interface Help Link href attribute | glpi | CWE-79 | 6.2 | Medium | 2023-01-25 |
| CVE-2023-22500 | glpi Unauthorized access to inventory files | glpi | CWE-863 | 7.5 | High | 2023-01-25 |
| CVE-2023-22722 | glpi subject to Cross-site Scripting (XSS) - Reflected | glpi | CWE-79 | 6.8 | Medium | 2023-01-25 |
| CVE-2023-22724 | glpi contains XSS in RSS Description Link | glpi | CWE-79 | 6.2 | Medium | 2023-01-25 |
| CVE-2023-22725 | glpi vulnerable to XSS on external links | glpi | CWE-79 | 6.2 | Medium | 2023-01-25 |
| CVE-2023-23610 | glpi vulnerable to Unauthorized access to data export | glpi | CWE-269 | 6.5 | Medium | 2023-01-25 |
| CVE-2022-39234 | user session persists even after permanently deleting account in GLPI | glpi | CWE-613 | 4.7 | Medium | 2022-11-03 |
| CVE-2022-39262 | Stored Cross-Site Scripting (XSS) on login page in GLPI | glpi | CWE-83 | 5.2 | Medium | 2022-11-03 |
| CVE-2022-39276 | Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning | glpi | CWE-918 | 3.5 | Low | 2022-11-03 |
| CVE-2022-39277 | Cross-Site Scripting (XSS) in external links in GLPI | glpi | CWE-79 | 4.5 | Medium | 2022-11-03 |
| CVE-2022-39323 | SQL Injection on REST API in GLPI | glpi | CWE-89 | 7.4 | High | 2022-11-03 |
| CVE-2022-39370 | Improper access to debug panel in GLPI | glpi | CWE-284 | 4.3 | Medium | 2022-11-03 |
| CVE-2022-39371 | Stored Cross-Site Scripting (XSS) through asset inventory in GLPI | glpi | CWE-80 | 7.5 | High | 2022-11-03 |
| CVE-2022-39372 | Stored Cross-Site Scripting (XSS) in user information in GLPI | glpi | CWE-79 | 3.5 | Low | 2022-11-03 |
| CVE-2022-39373 | Stored Cross-Site Scripting (XSS) in entity name in GLPI | glpi | CWE-79 | 4.9 | Medium | 2022-11-03 |
| CVE-2022-39375 | Cross-Site Scripting (XSS) through public RSS feed in GLPI | glpi | CWE-79 | 4.5 | Medium | 2022-11-03 |
| CVE-2022-39376 | Improper input validation on emails links in GLPI | glpi | CWE-20 | 2.6 | Low | 2022-11-03 |
| CVE-2022-31187 | Stored Cross Site Scripting (XSS) through global search in GLPI | glpi | CWE-79 | 6.8 | Medium | 2022-09-14 |
| CVE-2022-35946 | SQL injection through plugin controller in GLPI | glpi | CWE-89 | 5.5 | Medium | 2022-09-14 |
| CVE-2022-35947 | SQL injection in GLPI | glpi | CWE-89 | 10.0 | Critical | 2022-09-14 |
| CVE-2022-36112 | Blind Server-Side Request Forgery (SSRF) in GLPI | glpi | CWE-918 | 3.5 | Low | 2022-09-14 |

This page lists every published CVE security advisory associated with Glpi-Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.