Glpi-Project Glpi vulnerabilities

193 known vulnerabilities affecting glpi-project/glpi.

Total CVEs: 193
CISA KEV: 1 (actively exploited)
Public exploits: 15
Exploited in wild: 1
Severity breakdown: CRITICAL 27, HIGH 53, MEDIUM 111, LOW 2

Vulnerabilities

Page 8 of 10
CVE-2021-21314 | MEDIUM | CVSS 4.8 | fixed in 9.5.4 | 2021-03-03
CVE-2021-21314 [MEDIUM] CWE-79: GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.
nvd
CVE-2021-21255 | MEDIUM | CVSS 5.7 | v9.5.3 | 2021-03-02
CVE-2021-21255 [MEDIUM] CWE-862: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.
nvd
CVE-2021-21258 | MEDIUM | CVSS 5.4 | ≥ 9.5.0, < 9.5.4 | 2021-03-02
CVE-2021-21258 [MEDIUM] CWE-79: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.
nvd
CVE-2020-27662 | MEDIUM | CVSS 4.3 | fixed in 9.5.3 | 2020-11-26
CVE-2020-27662 [MEDIUM] CWE-639: In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
nvd
CVE-2020-27663 | MEDIUM | CVSS 4.3 | fixed in 9.5.3 | 2020-11-26
CVE-2020-27663 [MEDIUM] CWE-639: In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).
nvd
CVE-2020-26212 | MEDIUM | CVSS 6.5 | fixed in 9.5.3 | 2020-11-25
CVE-2020-26212 [MEDIUM] CWE-862: GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. Steps to reproduce t
nvd
CVE-2020-15175 | CRITICAL | CVSS 9.1 | fixed in 9.5.2 | 2020-10-07
CVE-2020-15175 [CRITICAL] CWE-552: In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compro
nvd
CVE-2020-15176 | HIGH | CVSS 8.6 | fixed in 9.5.2 | >= 0.6.8, < 9.5.2 | 2020-10-07
CVE-2020-15176 [HIGH] CWE-89: In GLPI before version 9.5.2, when supplying a backtick in input that gets put into a SQL query, the application does not escape or sanitize, allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version
nvd
CVE-2020-15177 | MEDIUM | CVSS 6.1 | fixed in 9.5.2 | >= 0.65, < 9.5.2 | 2020-10-07
CVE-2020-15177 [MEDIUM] CWE-79: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection. Since authentication is not required to perform these changes, anyone
nvd
CVE-2020-15217 | MEDIUM | CVSS 5.3 | ≥ 9.5.0, < 9.5.2 | 2020-10-07
CVE-2020-15217 [MEDIUM] CWE-79: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.
nvd
CVE-2020-15226 | MEDIUM | CVSS 4.3 | fixed in 9.5.2 | >= 9.1, < 9.5.2 | 2020-10-07
CVE-2020-15226 [MEDIUM] CWE-89: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an
nvd
CVE-2020-11031 | HIGH | CVSS 7.5 | fixed in 9.5.0 | 2020-09-23
CVE-2020-11031 [HIGH] CWE-327: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used; if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.
nvd
CVE-2020-15108 | HIGH | CVSS 7.1 | fixed in 9.5.1 | 2020-07-17
CVE-2020-15108 [HIGH] CWE-89: In GLPI before 9.5.1, there is a SQL injection for all usages of the "Clone" feature. This has been fixed in 9.5.1.
nvd
CVE-2020-11060 | HIGH | CVSS 8.8 | PoC | fixed in 9.4.6 | 2020-05-12
CVE-2020-11060 [HIGH] CWE-74: In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI netw
nvd
CVE-2020-11062 | MEDIUM | CVSS 5.4 | ≥ 0.68.1, < 9.4.6 | 2020-05-12
CVE-2020-11062 [MEDIUM] CWE-79: In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.
nvd
CVE-2020-5248 | MEDIUM | CVSS 5.3 | fixed in 9.4.6 | 2020-05-12
CVE-2020-5248 [MEDIUM] CWE-798: GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. Problem is we can not
nvd
CVE-2020-11035 | CRITICAL | CVSS 9.3 | ≥ 0.83.3, < 9.4.6 | > 0.83.3, < 9.4.6 | 2020-05-05
CVE-2020-11035 [CRITICAL] CWE-327: In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
nvd
CVE-2020-11033 | HIGH | CVSS 7.2 | ≥ 9.1, < 9.4.6 | > 9.1, < 9.4.6 | 2020-05-05
CVE-2020-11033 [HIGH] CWE-200: In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or read/update/delete data normally non accessible to the current user. - All personal_tokens can
nvd
CVE-2020-11032 | HIGH | CVSS 7.2 | v9.4.5 | fixed in 9.4.6 | 2020-05-05
CVE-2020-11032 [HIGH] CWE-89: In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.
nvd
CVE-2020-11036 | MEDIUM | CVSS 5.4 | fixed in 9.4.6 | 2020-05-05
CVE-2020-11036 [MEDIUM] CWE-79: In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "alert(1)" reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by a
nvd