Glpi-Project: >> Glpi >> 10.0.13 Security Vulnerabilities
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16.
CVSS Score
7.2
EPSS Score
0.082
Published
2024-07-10
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.
CVSS Score
4.3
EPSS Score
0.13
Published
2024-07-10
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.
CVSS Score
7.1
EPSS Score
0.7
Published
2024-05-07
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
CVSS Score
7.7
EPSS Score
0.244
Published
2024-05-07
Page 5