glpi-project — Vulnerabilities & Security Advisories 160

Browse all 160 CVE security advisories affecting glpi-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

glpi-project develops an open-source IT asset management and service desk solution widely used for tracking hardware, software, and support tickets. Its architecture, primarily built on PHP and MySQL, has historically exposed it to a significant volume of security flaws, currently totaling 160 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation or improper access controls. Privilege escalation remains a persistent risk, allowing unauthorized users to gain administrative rights. While the project maintains an active development cycle to address these issues, the sheer number of disclosed defects highlights challenges in maintaining rigorous code security standards across its extensive feature set. These incidents underscore the critical need for regular patching and secure configuration management for organizations deploying this widely adopted IT management platform.

Found 150 results / 160

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-29047 | GLPI has an Authenticated SQL Injection via log exports | glpi | CWE-89 | 7.2 | High | 2026-04-06 |
| CVE-2026-26263 | GLPI has an Unauthenticated SQL Injection via Search engine | glpi | CWE-89 | 8.1 | High | 2026-04-06 |
| CVE-2026-26027 | GLPI has an Unauthenticated Stored XSS via inventory | glpi | CWE-79 | 7.5 | High | 2026-04-06 |
| CVE-2026-26026 | GLPI has a Server-Side Template Injection via Double-Compilation | glpi | CWE-94 | 9.1 | Critical | 2026-04-06 |
| CVE-2026-25932 | GLPI has Stored XSS in Supplier 'Website' field | glpi | CWE-116 | 7.2 | High | 2026-04-06 |
| CVE-2026-25937 | GLPI has a MFA bypass | glpi | CWE-287 | 6.5 | Medium | 2026-03-17 |
| CVE-2026-25936 | GLPI Vulnerable to Authenticated SQL Injection | glpi | CWE-89 | 6.5 | Medium | 2026-03-17 |
| CVE-2026-22248 | GLPI affected by Remote Code Execution via malicious upload | glpi | CWE-502 | 8.1 | High | 2026-03-11 |
| CVE-2026-22044 | GLPI is Vulnerable to Authenticated SQL Injection | glpi | CWE-89 | 6.5 | Medium | 2026-02-04 |
| CVE-2026-23624 | GLPI is vulnerable to session stealing on externally authenticated user change | glpi | CWE-384 | 4.3 | Medium | 2026-02-04 |
| CVE-2026-22247 | GLPI is Vulnerable to SSRF via Webhooks | glpi | CWE-918 | 4.1 | Medium | 2026-02-04 |
| CVE-2025-66417 | GLPI has an unauthenticated SQL injection through the inventory endpoint | glpi | CWE-89 | 7.5 | High | 2026-01-15 |
| CVE-2025-64516 | GLPI incorrectly authorizes access to documents | glpi | CWE-284 | 7.5 | High | 2026-01-15 |
| CVE-2023-53943 | GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint | GLPI | CWE-203 | 5.3 | Medium | 2025-12-18 |
| CVE-2025-64520 | GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API | glpi | CWE-862 | 6.5 | Medium | 2025-12-16 |
| CVE-2025-59935 | GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page | glpi | CWE-79 | 6.5 | Medium | 2025-12-16 |
| CVE-2025-53105 | GLPI permits unauthorized rules execution order | glpi | CWE-269 | 7.5 | High | 2025-08-27 |
| CVE-2025-53357 | GLPI permits reservation modification by unauthorized users | glpi | CWE-639 | 5.4 | Medium | 2025-07-30 |
| CVE-2025-53113 | GLPI technicians can access unauthorized information through external links | glpi | CWE-284 | 2.7 | Low | 2025-07-30 |
| CVE-2025-53112 | GLPI's incomprehensive permission checks can lead to data removal from allowed users | glpi | CWE-284 | 4.3 | Medium | 2025-07-30 |
| CVE-2025-53111 | GLPI exposes data to non-allowed users | glpi | CWE-284 | 6.5 | Medium | 2025-07-30 |
| CVE-2025-53008 | GLPI's MailCollector Receiver is vulnerable to credential exfiltration | glpi | CWE-522 | 6.5 | Medium | 2025-07-30 |
| CVE-2025-52897 | GLPI is vulnerable to XSS and open redirection attacks through planning feature | glpi | CWE-80 | 6.5 | Medium | 2025-07-30 |
| CVE-2025-52567 | GLPI has overly permissive URL verification | glpi | CWE-918 | 3.5 | Low | 2025-07-30 |
| CVE-2025-27514 | GLPI is susceptible to Stored XSS attack through project's kanban | glpi | CWE-80 | 4.5 | Medium | 2025-07-29 |
| CVE-2025-24801 | GLPI allows authenticated remote code execution | glpi | CWE-434 | 8.6 | High | 2025-03-18 |
| CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint | glpi | CWE-89 | 7.5 | High | 2025-03-18 |
| CVE-2025-21619 | GLPI allows SQL injection through the rules configuration | glpi | CWE-89 | 7.2 | - | 2025-03-18 |
| CVE-2025-25192 | GLPI allows unauthorized access to debug mode | glpi | CWE-200 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-23046 | GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin | glpi | CWE-303 | 8.8 | - | 2025-02-25 |

This page lists every published CVE security advisory associated with glpi-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.