glpi-project GLPI 0.71.5
Approved changes feed: RSS · Atom
cpe:2.3:a:glpi-project:glpi:0.71.5:*:*:*:*:*:*:*
part: a version: 0.71.5 update: *
| Vendor | Glpi Project (bef553f0-49a5-5069-ba42-78448263cef9) |
|---|---|
| Product | Glpi (5fde319e-7958-54ba-bdc3-1448651b65ce) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/mrlioncub/glpi |
purl2cpe | 2026-06-01 10:15:46.950484 |
pkg:github/glpi-project/glpi |
purl2cpe | 2026-06-01 10:15:46.950485 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2013-5696 |
vulnerable | 2026-06-03 14:33:22.759237 |
Details available
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Published: 2013-09-23T01:00:00.000Z
Updated: 2024-09-16T16:17:31.120Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-2225 |
vulnerable | 2026-06-03 14:32:59.944515 |
Details available
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
Published: 2014-05-27T15:00:00.000Z
Updated: 2024-08-06T15:27:41.113Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2012-4003 |
vulnerable | 2026-06-03 14:32:16.882677 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published: 2012-10-09T23:00:00.000Z
Updated: 2024-08-06T20:21:04.111Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2012-4002 |
vulnerable | 2026-06-03 14:32:16.868190 |
Details available
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Published: 2012-10-09T23:00:00.000Z
Updated: 2024-08-06T20:21:04.220Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-2720 |
vulnerable | 2026-06-03 14:31:10.191371 |
Details available
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
Published: 2011-08-05T21:00:00.000Z
Updated: 2024-08-06T23:08:23.791Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.