glpi-project — Vulnerabilities & Security Advisories (160)

Browse all 160 CVE security advisories affecting glpi-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

glpi-project develops an open-source IT asset management and service desk solution widely used for tracking hardware, software, and support tickets. Its architecture, primarily built on PHP and MySQL, has historically exposed it to a significant volume of security flaws, currently totaling 160 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation or improper access controls. Privilege escalation remains a persistent risk, allowing unauthorized users to gain administrative rights. While the project maintains an active development cycle to address these issues, the sheer number of disclosed defects highlights challenges in maintaining rigorous code security standards across its extensive feature set. These incidents underscore the critical need for regular patching and secure configuration management for organizations deploying this widely adopted IT management platform.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-28241 | GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder | glpi-agent | CWE-269 | 7.3 | High | 2024-04-25 |
| CVE-2024-28240 | GLPI-Agent's MSI package installation permits local users to change Agent configuration | glpi-agent | CWE-20 | 7.3 | High | 2024-04-25 |
| CVE-2024-27914 | Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI | glpi | CWE-79 | 5.3 | Medium | 2024-03-18 |
| CVE-2024-27104 | Stored XSS in dashboards in GLPI | glpi | CWE-79 | 4.5 | Medium | 2024-03-18 |
| CVE-2024-27098 | Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI | glpi | CWE-918 | 6.4 | Medium | 2024-03-18 |
| CVE-2024-27096 | SQL Injection in through the search engine | glpi | CWE-89 | 7.7 | High | 2024-03-18 |
| CVE-2024-27930 | Sensitive fields access through dropdowns in GLPI | glpi | CWE-285 | 6.5 | Medium | 2024-03-18 |
| CVE-2024-27937 | glpi Users emails enumeration | glpi | CWE-285 | 6.5 | Medium | 2024-03-18 |
| CVE-2023-51446 | GLPI LDAP Injection during authentication | glpi | CWE-90 | 5.9 | Medium | 2024-02-01 |
| CVE-2024-23645 | GLPI reflected XSS in reports pages | glpi | CWE-79 | 6.5 | Medium | 2024-02-01 |
| CVE-2023-46727 | GLPI SQL injection through inventory agent request | glpi | CWE-89 | 8.6 | High | 2023-12-13 |
| CVE-2023-46726 | GLPI Remote code execution from LDAP server configuration form on PHP 7.4 | glpi | CWE-74 | 7.2 | High | 2023-12-13 |
| CVE-2023-43813 | glpi Authenticated SQL Injection | glpi | CWE-89 | 6.5 | Medium | 2023-12-13 |
| CVE-2023-42802 | GLPI vulnerable to unallowed PHP script execution | glpi | CWE-20 | 10.0 | Critical | 2023-11-02 |
| CVE-2023-42462 | File deletion through document upload process in GLPI | glpi | CWE-22 | 7.7 | High | 2023-09-26 |
| CVE-2023-42461 | SQL injection in ITIL actors in GLPI | glpi | CWE-89 | 6.5 | Medium | 2023-09-26 |
| CVE-2023-41888 | Phishing through a login page malicious URL in GLPI | glpi | CWE-22 | 5.3 | Medium | 2023-09-26 |
| CVE-2023-41326 | Account takeover via Kanban feature in GLPI | glpi | CWE-269 | 8.1 | High | 2023-09-26 |
| CVE-2023-41324 | Account takeover through API in GLPI | glpi | CWE-269 | 8.1 | High | 2023-09-26 |
| CVE-2023-41323 | Users login enumeration by unauthenticated user in GLPI | glpi | CWE-200 | 5.3 | Medium | 2023-09-26 |
| CVE-2023-41322 | Privilege Escalation from technician to super-admin in GLPI | glpi | CWE-284 | 4.9 | Medium | 2023-09-26 |
| CVE-2023-41321 | Sensitive fields enumeration through API in GLPI | glpi | CWE-200 | 4.9 | Medium | 2023-09-26 |
| CVE-2023-41320 | Account takeover via SQL Injection in UI layout preferences in GLPI | glpi | CWE-89 | 8.1 | High | 2023-09-26 |
| CVE-2023-37278 | GLPI vulnerable to SQL injection via dashboard administration | glpi | CWE-89 | 6.8 | Medium | 2023-07-13 |
| CVE-2023-36808 | GLPI vulnerable to SQL injection through Computer Virtual Machine information | glpi | CWE-89 | 8.6 | High | 2023-07-05 |
| CVE-2023-35940 | GLPI vulnerable to unauthenticated access to Dashboard data | glpi | CWE-284 | 7.5 | High | 2023-07-05 |
| CVE-2023-35939 | GLPI vulnerable to unauthorized access to Dashboard data | glpi | CWE-284 | 8.1 | High | 2023-07-05 |
| CVE-2023-35924 | GLPI vulnerable to SQL injection via inventory agent request | glpi | CWE-89 | 8.6 | High | 2023-07-05 |
| CVE-2023-34244 | GLPI vulnerable to reflected XSS in search pages | glpi | CWE-79 | 6.5 | Medium | 2023-07-05 |
| CVE-2023-34107 | GLPI vulnerable to unauthorized access to KnowbaseItem data | glpi | CWE-284 | 6.5 | Medium | 2023-07-05 |

This page lists every published CVE security advisory associated with glpi-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.