Vulnerabilities (CVE)

Filtered by vendor Glpi-project Subscribe
Filtered by product Glpi Inventory
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31062 1 Glpi-project 1 Glpi Inventory 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.
CVE-2022-31082 1 Glpi-project 1 Glpi Inventory 2024-02-28 7.5 HIGH 9.8 CRITICAL
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature.