Page 27 of 152 results (0.015 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. Se ha descubierto un problema en GLPI hasta su versión 9.2.1. • https://github.com/glpi-project/glpi/pull/3647 https://membership.backbox.org/glpi-9-2-1-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php. • https://github.com/glpi-project/glpi/pull/3650 https://membership.backbox.org/glpi-9-2-1-multiple-vulnerabilities • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. Se presenta una inyección SQL en el archivo front/devicesoundcard.php en GLPI anterior a la versión 9.1.5, por medio del parámetro start. • https://github.com/glpi-project/glpi/issues/2449 https://github.com/glpi-project/glpi/releases/tag/9.1.5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. El archivo front/backup.php en GLPI anterior a la versión 9.1.5, permite a los administradores autenticados remotos eliminar archivos arbitrarios por medio de un parámetro file creado. • https://github.com/glpi-project/glpi/issues/2450 https://github.com/glpi-project/glpi/releases/tag/9.1.5 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. GLPI anterior a versión 9.1.5.1, presenta Inyección SQL en la variable $crit en el archivo inc/computer_softwareversion.class.php, explotable mediante ajax/common.tabs.php. • https://github.com/glpi-project/glpi/issues/2475 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •