Exposición de GLPI
CRM, Web frameworks51
score de exposición
131
sitios usan
0
en explotación
8
críticos
CVEs
163 resultadosCVE-2025-24801HIGHGLPI allows authenticated remote code executionEPSS 17.5%CVE-2013-2227—GLPI 0.83.7 has Local File Inclusion in common.tabs.php.EPSS 13.0%CVE-2020-11060HIGHRemote Code Execution in GLPIEPSS 10.9%CVE-2026-26263HIGHGLPI has an Unauthenticated SQL Injection via Search engineEPSS 8.7%CVE-2020-11034MEDIUMbypass of manageRedirect in GLPIEPSS 7.6%CVE-2022-31056CRITICALSQL injection with _actor parameter in GLPIEPSS 7.1%CVE-2021-39211MEDIUMDisclosure of GLPI and server information in telemetry endpointEPSS 4.4%CVE-2021-21327MEDIUMUnsafe Reflection in getItemForItemtype()EPSS 2.3%CVE-2020-5248HIGHPublic GLPIKEY can be used to decrypt any data in GLPIEPSS 1.4%CVE-2021-21324MEDIUMInsecure Direct Object Reference (IDOR) on "Solutions"EPSS 1.4%CVE-2021-3486—GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.EPSS 1.4%CVE-2021-21326HIGHHorizontal Privilege EscalationEPSS 1.4%CVE-2023-46726HIGHGLPI Remote code execution from LDAP server configuration form on PHP 7.4EPSS 1.3%CVE-2024-43416HIGHGLPI vulnerable to enumeration of users' email addresses by unauthenticated userEPSS 1.2%CVE-2020-15108HIGHSQL Injection in glpiEPSS 1.2%CVE-2022-24867HIGHLDAP password exposure in glpiEPSS 1.2%CVE-2020-26212HIGHAny GLPI CalDAV calendars is read-only for every authenticated userEPSS 1.2%CVE-2024-27930MEDIUMSensitive fields access through dropdowns in GLPIEPSS 1.1%CVE-2020-15176HIGHSQL injection in GLPIEPSS 1.1%CVE-2023-42462HIGHFile deletion through document upload process in GLPIEPSS 1.0%
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →