Filtered by vendor Glpi-project
Subscriptions
Filtered by product Glpi Inventory
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32786 | 1 Glpi-project | 1 Glpi Inventory | 2025-11-05 | 7.5 High |
| The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1. | ||||
| CVE-2022-31062 | 1 Glpi-project | 1 Glpi Inventory | 2025-04-23 | 5.3 Medium |
| ### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used. | ||||
| CVE-2022-31082 | 1 Glpi-project | 1 Glpi Inventory | 2025-04-23 | 5.8 Medium |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. | ||||
Page 1 of 1.