GCVE - cpe:2.3:a:glpi-project:glpi:0.30:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:glpi-project:glpi:0.30:*:*:*:*:*:*:*

part: a version: 0.30 update: *

Vendor	Glpi Project (`bef553f0-49a5-5069-ba42-78448263cef9`)
Product	Glpi (`5fde319e-7958-54ba-bdc3-1448651b65ce`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/mrlioncub/glpi`	purl2cpe	2026-06-01 10:15:46.950353
`pkg:github/glpi-project/glpi`	purl2cpe	2026-06-01 10:15:46.950354

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-5696`	vulnerable	2026-06-03 14:33:22.744102	Details available inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action. Published: 2013-09-23T01:00:00.000Z Updated: 2024-09-16T16:17:31.120Z Open on db.gcve.eu Reference links https://forge.indepnet.net/projects/glpi/repository/revisions/21753/diff/branches/0.84-bugfixes/inc/central.class.php https://forge.indepnet.net/issues/4480 https://forge.indepnet.net/projects/glpi/repository/revisions/21753 https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-glpi-cve-2013-5696.html http://www.glpi-project.org/spip.php?page=annonce&id_breve=308	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2225`	vulnerable	2026-06-03 14:32:59.929112	Details available inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. Published: 2014-05-27T15:00:00.000Z Updated: 2024-08-06T15:27:41.113Z Open on db.gcve.eu Reference links https://forge.indepnet.net/projects/glpi/repository/revisions/21169/diff http://osvdb.org/94683 http://www.securityfocus.com/bid/60823 http://seclists.org/oss-sec/2013/q2/626 http://seclists.org/oss-sec/2013/q2/645	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-4003`	vulnerable	2026-06-03 14:32:16.882059	Details available Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Published: 2012-10-09T23:00:00.000Z Updated: 2024-08-06T20:21:04.111Z Open on db.gcve.eu Reference links https://forge.indepnet.net/issues/3705 http://www.openwall.com/lists/oss-security/2012/07/13/1 http://www.mandriva.com/security/advisories?name=MDVSA-2012:132 https://forge.indepnet.net/projects/glpi/versions/771	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-4002`	vulnerable	2026-06-03 14:32:16.853203	Details available Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Published: 2012-10-09T23:00:00.000Z Updated: 2024-08-06T20:21:04.220Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2012/07/13/1 https://forge.indepnet.net/issues/3707 http://www.mandriva.com/security/advisories?name=MDVSA-2012:132 https://forge.indepnet.net/issues/3704 https://forge.indepnet.net/projects/glpi/versions/771	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.