Teclib-Edition Gestionnaire Libre De Parc Informatique vulnerabilities
2 known vulnerabilities affecting teclib-edition/gestionnaire_libre_de_parc_informatique.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2019-10232P1CRITICALCVSS 9.8ExploitedPoC≤ 9.3.32019-03-27
CVE-2019-10232 [CRITICAL] CWE-89 CVE-2019-10232: Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
nvd
CVE-2019-10231P3CRITICALCVSS 9.8fixed in 9.4.1.12019-03-27
CVE-2019-10231 [CRITICAL] CWE-843 CVE-2019-10231: Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authe
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
nvd