Vulnerabilidades en Glpi-Project
168 resultadosCVE-2025-24801HIGHGLPI allows authenticated remote code executionEPSS 17.5%CVE-2020-11060HIGHRemote Code Execution in GLPIEPSS 10.9%CVE-2026-26263HIGHGLPI has an Unauthenticated SQL Injection via Search engineEPSS 8.7%CVE-2022-31056CRITICALSQL injection with _actor parameter in GLPIEPSS 8.6%CVE-2020-11034MEDIUMbypass of manageRedirect in GLPIEPSS 7.6%CVE-2025-32786HIGHGLPI Inventory Plugin is Vulnerable to Unauthenticated SQL InjectionEPSS 6.0%CVE-2022-31062MEDIUMUnauthenticated Local File InclusionEPSS 5.5%CVE-2021-39211MEDIUMDisclosure of GLPI and server information in telemetry endpointEPSS 4.4%CVE-2021-21327MEDIUMUnsafe Reflection in getItemForItemtype()EPSS 2.3%CVE-2020-5248HIGHPublic GLPIKEY can be used to decrypt any data in GLPIEPSS 1.4%CVE-2021-21324MEDIUMInsecure Direct Object Reference (IDOR) on "Solutions"EPSS 1.4%CVE-2021-21326HIGHHorizontal Privilege EscalationEPSS 1.4%CVE-2023-46726HIGHGLPI Remote code execution from LDAP server configuration form on PHP 7.4EPSS 1.3%CVE-2024-43416HIGHGLPI vulnerable to enumeration of users' email addresses by unauthenticated userEPSS 1.2%CVE-2020-15108HIGHSQL Injection in glpiEPSS 1.2%CVE-2022-24867HIGHLDAP password exposure in glpiEPSS 1.2%CVE-2020-26212HIGHAny GLPI CalDAV calendars is read-only for every authenticated userEPSS 1.2%CVE-2024-27930MEDIUMSensitive fields access through dropdowns in GLPIEPSS 1.1%CVE-2020-15176HIGHSQL injection in GLPIEPSS 1.1%CVE-2023-42462HIGHFile deletion through document upload process in GLPIEPSS 1.0%