Page 22 of 129 results (0.007 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. Teclib GLPI, en versiones anteriores a la 9.4.1.1, se ha visto afectado por un ataque de sincronización asociado a una cookie. • https://github.com/glpi-project/glpi/pull/5562 https://github.com/glpi-project/glpi/releases/tag/9.4.1.1 • CWE-203: Observable Discrepancy •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. La función constructSQL en inc/search.class.php en GLPI en versiones 9.2.x hasta la 9.3.0 permite la inyección SQL, tal y como queda demostrado con la activación de una cláusula LIMIT en front/computer.php. • https://github.com/glpi-project/glpi/issues/4270 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. Se ha descubierto un problema en GLPI hasta su versión 9.2.1. • https://github.com/glpi-project/glpi/pull/3647 https://membership.backbox.org/glpi-9-2-1-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php. • https://github.com/glpi-project/glpi/pull/3650 https://membership.backbox.org/glpi-9-2-1-multiple-vulnerabilities • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. Se presenta una inyección SQL en el archivo front/devicesoundcard.php en GLPI anterior a la versión 9.1.5, por medio del parámetro start. • https://github.com/glpi-project/glpi/issues/2449 https://github.com/glpi-project/glpi/releases/tag/9.1.5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •