Glpi-Project >> Glpi >> 11.0.5 Security Vulnerabilities
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6.
CVSS Score: 9.1 | EPSS Score: 0.0 | Published: 2026-04-06
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2026-04-06
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6.
CVSS Score: 8.1 | EPSS Score: 0.0 | Published: 2026-04-06
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6.
CVSS Score: 7.2 | EPSS Score: 0.0 | Published: 2026-04-06

