Glpi-Project: >> Glpi >> 0.84.8 Security Vulnerabilities
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/.
CVSS Score
9.0
EPSS Score
0.017
Published
2015-10-05
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
CVSS Score
6.5
EPSS Score
0.091
Published
2014-12-19
Page 10