Glpi-project Glpi
178 CVEs affecting Glpi-project Glpi. Latest disclosed: 2026-06-03. Critical: 10, High: 51.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-42802 | Critical | 10.0 | 2023-11-02 | GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one… |
| CVE-2023-28849 | Critical | 10.0 | 2023-04-05 | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a… |
| CVE-2022-35947 | Critical | 10.0 | 2022-09-14 | GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licen… |
| CVE-2022-31061 | Critical | 9.8 | 2022-06-28 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versio… |
| CVE-2022-31056 | Critical | 9.8 | 2022-06-28 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versio… |
| CVE-2017-11184 | Critical | 9.8 | 2017-07-28 | SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. |
| CVE-2017-11474 | Critical | 9.8 | 2017-07-20 | GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. |
| CVE-2017-11329 | Critical | 9.8 | 2017-07-17 | GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. |
| CVE-2023-28838 | Critical | 9.6 | 2023-04-05 | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow… |
| CVE-2026-26026 | Critical | 9.1 | 2026-04-06 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability i… |
| CVE-2023-28634 | High | 8.8 | 2023-04-05 | GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profil… |
| CVE-2021-39209 | High | 8.8 | 2021-09-15 | GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSR… |
| CVE-2017-11475 | High | 8.8 | 2017-07-20 | GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. |
| CVE-2020-15176 | High | 8.7 | 2020-10-07 | In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query, the application does not escape or sanitize allowing for SQL I… |
| CVE-2025-24801 | High | 8.6 | 2025-03-18 | GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. Th… |
| CVE-2023-46727 | High | 8.6 | 2023-12-13 | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive… |
| CVE-2023-36808 | High | 8.6 | 2023-07-05 | GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory… |
| CVE-2023-35924 | High | 8.6 | 2023-07-05 | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a… |
| CVE-2026-26263 | High | 8.1 | 2026-04-06 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Searc… |
| CVE-2026-22248 | High | 8.1 | 2026-03-11 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0… |