Glpi-Project Glpi-Inventory-Plugin vulnerabilities
7 known vulnerabilities affecting glpi-project/glpi-inventory-plugin.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-31062P3MEDIUMCVSS 5.3PoCfixed in 1.0.22022-06-20
CVE-2022-31062 [MEDIUM] CWE-22 CVE-2022-31062: ### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade t
### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.
nvd
CVE-2025-32786P3HIGHCVSS 7.5fixed in 1.5.12025-11-04
CVE-2025-32786 [HIGH] CWE-89 CVE-2025-32786: The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collec
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
nvd
CVE-2026-26001P3HIGHCVSS 8.8fixed in 1.6.62026-03-18
CVE-2026-26001 [HIGH] CWE-89 CVE-2026-26001: The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collec
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6.
nvd
CVE-2022-31082P3CRITICALCVSS 9.8fixed in 1.0.22022-06-27
CVE-2022-31082 [CRITICAL] CWE-89 CVE-2022-31082: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk,
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users a
nvd
CVE-2025-27147P3HIGHCVSS 8.2fixed in 1.5.02025-03-25
CVE-2025-27147 [HIGH] CWE-22 CVE-2025-27147: The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discover
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability.
nvd
CVE-2025-26626P4MEDIUMCVSS 6.5fixed in 1.5.02025-03-14
CVE-2025-26626 [MEDIUM] CWE-79 CVE-2025-26626: The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT m
The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue.
nvd
CVE-2026-25590P4MEDIUMCVSS 6.1fixed in 1.6.62026-03-03
CVE-2026-25590 [MEDIUM] CWE-79 CVE-2026-25590: The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collec
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6.
nvd