Glpi-Project: >> Glpi >> 0.84.2 Security Vulnerabilities
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-04-14
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
CVSS Score
6.5
EPSS Score
0.089
Published
2014-12-19
Page 10