Glpi Inventory
Approved changes feed: RSS · Atom
cpe:2.3:a:glpi-project:glpi_inventory:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Glpi Project (bef553f0-49a5-5069-ba42-78448263cef9) |
|---|---|
| Product | Glpi Inventory (626094a4-38b3-583f-8a82-34ee9267e10e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/glpi-project/glpi-inventory-plugin |
purl2cpe | 2026-06-01 10:15:46.902861 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-26001 |
vulnerable | 2026-06-03 15:18:04.593187 |
GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
HIGH (7.1)
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6.
Published: 2026-03-17T23:18:01.387Z
Updated: 2026-03-18T20:16:53.878Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25590 |
vulnerable | 2026-06-03 15:16:54.860360 |
GLPI Inventory Plugin has Reflected XSS in task jobs
MEDIUM (4.5)
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6.
Published: 2026-03-03T22:14:01.596Z
Updated: 2026-03-04T16:52:27.907Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31082 |
vulnerable | 2026-06-03 14:47:10.587189 |
SQL Injection via package deployment tasks in glpi-inventory-plugin
MEDIUM (5.8)
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature.
Published: 2022-06-27T20:30:22.000Z
Updated: 2025-04-23T18:07:31.644Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31062 |
vulnerable | 2026-06-03 14:47:10.544148 |
Unauthenticated Local File Inclusion
MEDIUM (5.3)
### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.
Published: 2022-06-20T00:00:00.000Z
Updated: 2025-04-23T18:09:19.439Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.