Glpi-Project: >> Glpi >> 9.3.0 Security Vulnerabilities
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
CVSS Score
5.9
EPSS Score
0.005
Published
2019-07-10
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-04
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-03-29
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-03-27
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-07-02
Page 10