Glpi-Project: >> Glpi >> 0.90.4 Security Vulnerabilities
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-07-28
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-07-20
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-07-20
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.
CVSS Score
8.0
EPSS Score
0.002
Published
2017-07-19
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-07-19
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-07-17
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-06-21
Page 10