
glpi-project — Vulnerabilities & Security Advisories (160)

Browse all 160 CVE security advisories affecting glpi-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

glpi-project develops GLPI, an open-source IT asset management and service desk solution widely used for tracking hardware, software, and support tickets. The application is built primarily on PHP and MySQL, and its large feature surface has historically yielded a significant volume of security flaws, currently totaling 160 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, typically stemming from insufficient input validation or improper access controls. Privilege escalation remains a persistent risk, allowing unauthorized users to gain administrative rights. While the project maintains an active development cycle to address these issues, the number of disclosed defects highlights the difficulty of maintaining rigorous code security standards across its extensive feature set. These incidents underscore the need for prompt patching and secure configuration management by organizations deploying this widely adopted IT management platform.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-35945 | Cross site scripting (XSS) via registration API in GLPI | glpi | CWE-79 | 6.3 | Medium | 2022-09-14 |
| CVE-2022-31143 | Leak of sensitive information through login page error in GLPI | glpi | CWE-200 | 5.3 | Medium | 2022-09-14 |
| CVE-2022-31061 | SQL injection on login page in GLPI | glpi | CWE-89 | 9.8 | Critical | 2022-06-28 |
| CVE-2022-31068 | Sensitive Data Exposure on Refused Inventory Files in GLPI | glpi | CWE-200 | 5.3 | Medium | 2022-06-28 |
| CVE-2022-31056 | SQL injection with _actor parameter in GLPI | glpi | CWE-89 | 9.8 | Critical | 2022-06-28 |
| CVE-2022-31082 | SQL Injection via package deployment tasks in glpi-inventory-plugin | glpi-inventory-plugin | CWE-89 | 5.8 | Medium | 2022-06-27 |
| CVE-2022-31062 | Unauthenticated Local File Inclusion | glpi-inventory-plugin | CWE-22 | 5.3 | Medium | 2022-06-20 |
| CVE-2022-29250 | SQL injection in GLPI | glpi | CWE-89 | 8.1 | High | 2022-06-09 |
| CVE-2022-24876 | Stored cross site scripting in GLPI's Kanban | glpi | CWE-79 | 5.4 | Medium | 2022-06-09 |
| CVE-2022-24869 | Cross Site Scripting in GLPI | glpi | CWE-79 | 4.6 | Medium | 2022-04-21 |
| CVE-2022-24868 | Cross site scripting via SVG file upload in GLPI | glpi | CWE-79 | 7.3 | High | 2022-04-21 |
| CVE-2022-24867 | LDAP password exposure in glpi | glpi | CWE-200 | 7.5 | High | 2022-04-21 |
| CVE-2021-39213 | IP restriction on GLPI API Bypass with custom header injection | glpi | CWE-74 | 6.8 | Medium | 2021-09-15 |
| CVE-2021-39211 | Disclosure of GLPI and server information in telemetry endpoint | glpi | CWE-200 | 5.3 | Medium | 2021-09-15 |
| CVE-2021-39210 | Autologin cookie accessible by scripts | glpi | CWE-1004 | 6.5 | Medium | 2021-09-15 |
| CVE-2021-39209 | Bypassable CSRF protection | glpi | CWE-352 | 8.8 | High | 2021-09-15 |
| CVE-2021-21324 | Insecure Direct Object Reference (IDOR) on "Solutions" | glpi | CWE-639 | 6.8 | Medium | 2021-03-08 |
| CVE-2021-21325 | Stored XSS in budget type | glpi | CWE-79 | 6.2 | Medium | 2021-03-08 |
| CVE-2021-21326 | Horizontal Privilege Escalation | glpi | CWE-862 | 7.7 | High | 2021-03-08 |
| CVE-2021-21327 | Unsafe Reflection in getItemForItemtype() | glpi | CWE-862 | 6.8 | Medium | 2021-03-08 |
| CVE-2021-21314 | XSS injection on ticket update | glpi | CWE-79 | 5.4 | Medium | 2021-03-03 |
| CVE-2021-21312 | Stored XSS on documents | glpi | CWE-79 | 5.4 | Medium | 2021-03-03 |
| CVE-2021-21313 | XSS on tabs | glpi | CWE-74 | 4.9 | Medium | 2021-03-03 |
| CVE-2021-21258 | XSS injection in ajax/kanban | glpi | CWE-79 | 6.8 | Medium | 2021-03-02 |
| CVE-2021-21255 | entities switch IDOR | glpi | CWE-862 | 5.8 | Medium | 2021-03-02 |
| CVE-2020-26212 | Any GLPI CalDAV calendar is read-only for every authenticated user | glpi | CWE-862 | 7.7 | High | 2020-11-25 |
| CVE-2020-15226 | SQL Injection in GLPI Search API | glpi | CWE-89 | 5.0 | Medium | 2020-10-07 |
| CVE-2020-15217 | User data exposure in GLPI | glpi | CWE-79 | 5.3 | Medium | 2020-10-07 |
| CVE-2020-15177 | Unauthenticated Stored XSS in GLPI | glpi | CWE-79 | 8.0 | High | 2020-10-07 |
| CVE-2020-15176 | SQL injection in GLPI | glpi | CWE-89 | 8.7 | High | 2020-10-07 |

This page lists every published CVE security advisory associated with glpi-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.