
pluginsGLPI — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting pluginsGLPI. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PluginsGLPI is a plugin ecosystem for GLPI, an IT asset management system, extending functionality for ticketing, inventory, and service management. Historically, it has been susceptible to multiple remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. The 13 recorded CVEs highlight recurring issues in file handling and authentication mechanisms. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for rigorous plugin vetting and timely updates, particularly for organizations handling sensitive IT infrastructure data.

| CVE ID | Title | Plugin | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-23489 | Fields GLPI plugin vulnerable to RCE in dropdown generation | fields | CWE-20 | 9.1 | Critical | 2026-03-16 |
| CVE-2026-22821 | mreporting affected by a SQLI on date change | mreporting | CWE-89 | 4.9 | Medium | 2026-02-12 |
| CVE-2025-65035 | GLPI Database Inventory Plugin Vulnerable to Stored Object Injection | databaseinventory | CWE-502 | 6.4 | Medium | 2025-12-19 |
| CVE-2025-53360 | pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests | databaseinventory | CWE-284 | 4.3 | Medium | 2025-11-18 |
| CVE-2025-27153 | Escalade GLPI Plugin Vulnerable to Improper Access Control | escalade | CWE-284 | 6.5 | Medium | 2025-07-01 |
| CVE-2024-53850 | The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation | addressing | CWE-470 | 8.2 | High | 2024-12-26 |
| CVE-2024-45600 | Fields GLPI plugin has an Authenticated SQL Injection | fields | CWE-89 | 7.7 | High | 2024-12-26 |
| CVE-2023-33971 | Formcreator vulnerable to stored XSS from ##FULLFORM## | formcreator | CWE-79 | 6.1 | Medium | 2023-05-31 |
| CVE-2023-29006 | Order GLPI plugin vulnerable to remote code execution from authenticated user | order | CWE-502 | 8.8 | High | 2023-04-05 |
| CVE-2023-28855 | Fields GLPI plugin vulnerable to unauthorized write access to additional fields | fields | CWE-269 | 6.5 | Medium | 2023-04-05 |
| CVE-2021-39190 | SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | sccm | CWE-200 | 5.3 | Medium | 2022-09-22 |
| CVE-2021-43779 | Remote Command Execution vulnerability | addressing | CWE-20 | 9.9 | Critical | 2022-01-05 |
| CVE-2021-43778 | Path traversal in GLPI barcode plugin | barcode | CWE-22 | 9.1 | Critical | 2021-11-24 |

This page lists every published CVE security advisory associated with pluginsGLPI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.