Vulnerabilities (CVE)

Filtered by vendor Teclib-edition Subscribe
Filtered by product Gestionnaire Libre De Parc Informatique
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10232 1 Teclib-edition 1 Gestionnaire Libre De Parc Informatique 2024-11-21 7.5 HIGH 9.8 CRITICAL
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
CVE-2019-10231 1 Teclib-edition 1 Gestionnaire Libre De Parc Informatique 2024-11-21 7.5 HIGH 9.8 CRITICAL
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).