Shodan
Vulnerabilities
Vulnerable Software
Glpi-Project:  >> Glpi  >> 10.0.16  Security Vulnerabilities
CVE-2024-45609
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages. Upgrade to 10.0.17.
CVSS Score
6.5
EPSS Score
0.011
Published
2024-11-15
CVE-2024-45608
GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17.
CVSS Score
6.5
EPSS Score
0.006
Published
2024-11-15
CVE-2024-41679
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-11-15
CVE-2024-43417
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17.
CVSS Score
6.5
EPSS Score
0.011
Published
2024-11-15
CVE-2024-43418
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
CVSS Score
6.5
EPSS Score
0.014
Published
2024-11-15
CVE-2024-47759
GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document contents. Upgrade to 10.0.17.
CVSS Score
4.8
EPSS Score
0.005
Published
2024-11-15
CVE-2024-40638
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17.
CVSS Score
8.1
EPSS Score
0.093
Published
2024-11-15
CVE-2024-41678
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
CVSS Score
6.5
EPSS Score
0.008
Published
2024-11-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved