Glpi-Project — Vulnerabilities & Security Advisories 160

Browse all 160 CVE security advisories affecting Glpi-Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

glpi-project develops an open-source IT asset management and service desk solution widely used for tracking hardware, software, and support tickets. Its architecture, primarily built on PHP and MySQL, has historically exposed it to a significant volume of security flaws, currently totaling 160 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation or improper access controls. Privilege escalation remains a persistent risk, allowing unauthorized users to gain administrative rights. While the project maintains an active development cycle to address these issues, the sheer number of disclosed defects highlights challenges in maintaining rigorous code security standards across its extensive feature set. These incidents underscore the critical need for regular patching and secure configuration management for organizations deploying this widely adopted IT management platform.

Found 150 results / 160
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-24868 | Cross site scripting via SVG file upload in GLPI — glpi CWE-79 | 7.3 | High | 2022-04-21 |
| CVE-2022-24867 | LDAP password exposure in glpi — glpi CWE-200 | 7.5 | High | 2022-04-21 |
| CVE-2021-39213 | IP restriction on GLPI API Bypass with custom header injection — glpi CWE-74 | 6.8 | Medium | 2021-09-15 |
| CVE-2021-39211 | Disclosure of GLPI and server information in telemetry endpoint — glpi CWE-200 | 5.3 | Medium | 2021-09-15 |
| CVE-2021-39210 | Autologin cookie accessible by scripts — glpi CWE-1004 | 6.5 | Medium | 2021-09-15 |
| CVE-2021-39209 | Bypassable CSRF protection — glpi CWE-352 | 8.8 | High | 2021-09-15 |
| CVE-2021-21324 | Insecure Direct Object Reference (IDOR) on "Solutions" — glpi CWE-639 | 6.8 | Medium | 2021-03-08 |
| CVE-2021-21325 | Stored XSS in budget type — glpi CWE-79 | 6.2 | Medium | 2021-03-08 |
| CVE-2021-21326 | Horizontal Privilege Escalation — glpi CWE-862 | 7.7 | High | 2021-03-08 |
| CVE-2021-21327 | Unsafe Reflection in getItemForItemtype() — glpi CWE-862 | 6.8 | Medium | 2021-03-08 |
| CVE-2021-21314 | XSS injection on ticket update — glpi CWE-79 | 5.4 | Medium | 2021-03-03 |
| CVE-2021-21312 | Stored XSS on documents — glpi CWE-79 | 5.4 | Medium | 2021-03-03 |
| CVE-2021-21313 | XSS on tabs — glpi CWE-74 | 4.9 | Medium | 2021-03-03 |
| CVE-2021-21258 | XSS injection in ajax/kanban — glpi CWE-79 | 6.8 | Medium | 2021-03-02 |
| CVE-2021-21255 | entities switch IDOR — glpi CWE-862 | 5.8 | Medium | 2021-03-02 |
| CVE-2020-26212 | Any GLPI CalDAV calendars is read-only for every authenticated user — glpi CWE-862 | 7.7 | High | 2020-11-25 |
| CVE-2020-15226 | SQL Injection in GLPI Search API — glpi CWE-89 | 5.0 | Medium | 2020-10-07 |
| CVE-2020-15217 | User data exposure in GLPI — glpi CWE-79 | 5.3 | Medium | 2020-10-07 |
| CVE-2020-15177 | Unauthenticated Stored XSS in GLPI — glpi CWE-79 | 8.0 | High | 2020-10-07 |
| CVE-2020-15176 | SQL injection in GLPI — glpi CWE-89 | 8.7 | High | 2020-10-07 |
| CVE-2020-15175 | Unauthenticated File Deletion in GLPI — glpi CWE-552 | 7.4 | High | 2020-10-07 |
| CVE-2020-11031 | Insecure encryption algorithm in GLPI — GLPI CWE-327 | 7.8 | High | 2020-09-23 |
| CVE-2020-15108 | SQL Injection in glpi — glpi CWE-89 | 7.1 | High | 2020-07-17 |
| CVE-2020-11060 | Remote Code Execution in GLPI — GLPI CWE-74 | 7.4 | High | 2020-05-12 |
| CVE-2020-5248 | Public GLPIKEY can be used to decrypt any data in GLPI — glpi CWE-798 | 7.2 | High | 2020-05-12 |
| CVE-2020-11036 | XSS in GLPI — GLPI CWE-79 | 7.6 | High | 2020-05-05 |
| CVE-2020-11035 | weak CSRF tokens in GLPI — GLPI CWE-327 | 7.5 | High | 2020-05-05 |
| CVE-2020-11034 | bypass of manageRedirect in GLPI — GLPI CWE-601 | 6.1 | Medium | 2020-05-05 |
| CVE-2020-11033 | Able to read any token through API user endpoint in GLPI — GLPI CWE-200 | 6.6 | Medium | 2020-05-05 |
| CVE-2020-11032 | SQL injection on addme_observer and addme_assign in GLPI — GLPI CWE-89 | 7.6 | High | 2020-05-05 |

This page lists every published CVE security advisory associated with Glpi-Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.