Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    30 vulnerabilities by pluginsGLPI

    CVE-2026-11321 (GCVE-0-2026-11321)

    Vulnerability from nvd – Published: 2026-07-10 18:53 – Updated: 2026-07-14 13:45
    VLAI
    Title
    GLPI DataInjection Plugin Authenticated SQL Injection via CSV Import
    Summary
    The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embed SQL expressions such as SLEEP() in a mapped field (for example Serial Number) to manipulate the generated query and extract database information via time-based blind injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    pluginsGLPI datainjection Affected: 2.15.6 , < 2.15.7 (semver)
    Create a notification for this product.
    Date Public
    2026-07-10 00:00
    Credits
    ryukk33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11321",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:45:06.439200Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T13:45:32.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "datainjection",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "lessThan": "2.15.7",
                  "status": "affected",
                  "version": "2.15.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ryukk33"
            }
          ],
          "datePublic": "2026-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embed SQL expressions such as SLEEP() in a mapped field (for example Serial Number) to manipulate the generated query and extract database information via time-based blind injection."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:56:01.882Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory GHSA-57qv-j6r6-pcc4",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/pluginsGLPI/datainjection/security/advisories/GHSA-57qv-j6r6-pcc4"
            },
            {
              "name": "DataInjection 2.15.7 Release",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pluginsGLPI/datainjection/releases/tag/2.15.7"
            },
            {
              "name": "Product",
              "tags": [
                "product"
              ],
              "url": "https://github.com/pluginsGLPI/datainjection"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/glpi-datainjection-plugin-authenticated-sql-injection-via-csv-import"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GLPI DataInjection Plugin Authenticated SQL Injection via CSV Import",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-11321",
        "datePublished": "2026-07-10T18:53:56.004Z",
        "dateReserved": "2026-06-04T20:57:26.934Z",
        "dateUpdated": "2026-07-14T13:45:32.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53987 (GCVE-0-2026-53987)

    Vulnerability from nvd – Published: 2026-07-09 15:44 – Updated: 2026-07-10 15:37
    VLAI
    Title
    GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering
    Summary
    The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Tag plugin GLPI 11 Affected: 2.6.0 , < 2.14.4 (semver)
    Create a notification for this product.
    Date Public
    2026-07-09 00:00
    Credits
    chapochapo
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53987",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T17:48:51.132634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T17:49:14.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GLPI 11",
              "vendor": "Tag plugin",
              "versions": [
                {
                  "lessThan": "2.14.4",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "chapochapo"
            }
          ],
          "datePublic": "2026-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T15:37:52.045Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory GHSA-6rpj-89c7-x2mh",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/pluginsGLPI/tag/security/advisories/GHSA-6rpj-89c7-x2mh"
            },
            {
              "name": "Tag Plugin 2.14.4 Release",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pluginsGLPI/tag/releases/tag/2.14.4"
            },
            {
              "name": "Product",
              "tags": [
                "product"
              ],
              "url": "https://github.com/pluginsGLPI/tag"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pluginsGLPI/tag/commit/49e6b6eb5f83bcd84139a5e5ec54c0ddd14acc90"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-53987",
        "datePublished": "2026-07-09T15:44:04.474Z",
        "dateReserved": "2026-06-11T16:07:13.001Z",
        "dateUpdated": "2026-07-10T15:37:52.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23489 (GCVE-0-2026-23489)

    Vulnerability from nvd – Published: 2026-03-16 17:12 – Updated: 2026-03-16 17:51
    VLAI
    Title
    Fields GLPI plugin vulnerable to RCE in dropdown generation
    Summary
    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI fields Affected: < 1.23.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T17:46:27.792352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T17:51:31.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fields",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.23.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T17:12:43.964Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.23.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.23.3"
            }
          ],
          "source": {
            "advisory": "GHSA-rj7q-mmx9-fhq7",
            "discovery": "UNKNOWN"
          },
          "title": "Fields GLPI plugin vulnerable to RCE in dropdown generation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-23489",
        "datePublished": "2026-03-16T17:12:43.964Z",
        "dateReserved": "2026-01-13T15:47:41.628Z",
        "dateUpdated": "2026-03-16T17:51:31.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22821 (GCVE-0-2026-22821)

    Vulnerability from nvd – Published: 2026-02-12 18:43 – Updated: 2026-02-12 19:31
    VLAI
    Title
    mreporting affected by a SQLI on date change
    Summary
    mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI mreporting Affected: < 1.9.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22821",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-12T19:25:10.709903Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-12T19:31:55.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mreporting",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.9.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T18:43:59.249Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/mreporting/security/advisories/GHSA-24q7-h59q-33w8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/mreporting/security/advisories/GHSA-24q7-h59q-33w8"
            },
            {
              "name": "https://github.com/pluginsGLPI/mreporting/commit/6f4a3caf9c1f7bbed1d910795d6e918d039f1f72",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/mreporting/commit/6f4a3caf9c1f7bbed1d910795d6e918d039f1f72"
            }
          ],
          "source": {
            "advisory": "GHSA-24q7-h59q-33w8",
            "discovery": "UNKNOWN"
          },
          "title": "mreporting affected by a SQLI on date change"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-22821",
        "datePublished": "2026-02-12T18:43:59.249Z",
        "dateReserved": "2026-01-09T22:50:10.289Z",
        "dateUpdated": "2026-02-12T19:31:55.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-65035 (GCVE-0-2025-65035)

    Vulnerability from nvd – Published: 2025-12-19 16:35 – Updated: 2025-12-19 18:00
    VLAI
    Title
    GLPI Database Inventory Plugin Vulnerable to Stored Object Injection
    Summary
    pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration), user-controlled data is stored insecurely in the database via computergroup, and is later unserialized on every page load, allowing arbitrary PHP object instantiation. Version 1.1.2 fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-65035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:24:10.147346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T18:00:25.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "databaseinventory",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.1.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pluginsGLPI\u0027s Database Inventory Plugin \"manages\" the Teclib\u0027 inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration), user-controlled data is stored insecurely in the database via computergroup, and is later unserialized on every page load, allowing arbitrary PHP object instantiation. Version 1.1.2 fixes the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T16:35:56.944Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-xc3r-32rx-3j4j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-xc3r-32rx-3j4j"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/commit/08c7055d2c5fc744cb092d7d56a608e359c56f1a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/commit/08c7055d2c5fc744cb092d7d56a608e359c56f1a"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/blob/1.1.2/CHANGELOG.md#112---2025-11-25",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/blob/1.1.2/CHANGELOG.md#112---2025-11-25"
            }
          ],
          "source": {
            "advisory": "GHSA-xc3r-32rx-3j4j",
            "discovery": "UNKNOWN"
          },
          "title": "GLPI Database Inventory Plugin Vulnerable to Stored Object Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-65035",
        "datePublished": "2025-12-19T16:35:56.944Z",
        "dateReserved": "2025-11-13T15:36:51.684Z",
        "dateUpdated": "2025-12-19T18:00:25.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53360 (GCVE-0-2025-53360)

    Vulnerability from nvd – Published: 2025-11-18 16:12 – Updated: 2025-11-18 18:22
    VLAI
    Title
    pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests
    Summary
    pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T18:22:19.644618Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T18:22:25.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "databaseinventory",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pluginsGLPI\u0027s Database Inventory Plugin \"manages\" the Teclib\u0027 inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T16:12:15.116Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269"
            }
          ],
          "source": {
            "advisory": "GHSA-5j5j-xr62-jr58",
            "discovery": "UNKNOWN"
          },
          "title": "pluginsGLPI\u0027s Database Inventory Plugin allows any authenticated user to send agent requests"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-53360",
        "datePublished": "2025-11-18T16:12:15.116Z",
        "dateReserved": "2025-06-27T12:57:16.121Z",
        "dateUpdated": "2025-11-18T18:22:25.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27153 (GCVE-0-2025-27153)

    Vulnerability from nvd – Published: 2025-07-01 18:27 – Updated: 2025-07-01 19:35
    VLAI
    Title
    Escalade GLPI Plugin Vulnerable to Improper Access Control
    Summary
    Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI escalade Affected: < 2.9.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27153",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-01T19:34:37.266649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-01T19:35:43.790Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "escalade",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.9.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-01T18:27:50.677Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9"
            },
            {
              "name": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11"
            }
          ],
          "source": {
            "advisory": "GHSA-pvqv-8r3r-47m9",
            "discovery": "UNKNOWN"
          },
          "title": "Escalade GLPI Plugin Vulnerable to Improper Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27153",
        "datePublished": "2025-07-01T18:27:50.677Z",
        "dateReserved": "2025-02-19T16:30:47.780Z",
        "dateUpdated": "2025-07-01T19:35:43.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-53850 (GCVE-0-2024-53850)

    Vulnerability from nvd – Published: 2024-12-26 21:41 – Updated: 2024-12-27 16:18
    VLAI
    Title
    The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation
    Summary
    The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI addressing Affected: >= 3.0.0 < 3.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-53850",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-27T16:18:33.280505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-27T16:18:41.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "addressing",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0 \u003c 3.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-26T21:41:55.270Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-fw42-79gw-7qr9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-fw42-79gw-7qr9"
            },
            {
              "name": "https://github.com/pluginsGLPI/addressing/commit/b334187a99206abbd7d0bc84f720b0a6e69e92f0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/addressing/commit/b334187a99206abbd7d0bc84f720b0a6e69e92f0"
            }
          ],
          "source": {
            "advisory": "GHSA-fw42-79gw-7qr9",
            "discovery": "UNKNOWN"
          },
          "title": "The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-53850",
        "datePublished": "2024-12-26T21:41:55.270Z",
        "dateReserved": "2024-11-22T17:30:02.140Z",
        "dateUpdated": "2024-12-27T16:18:41.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45600 (GCVE-0-2024-45600)

    Vulnerability from nvd – Published: 2024-12-26 21:27 – Updated: 2024-12-30 14:53
    VLAI
    Title
    Fields GLPI plugin has an Authenticated SQL Injection
    Summary
    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI fields Affected: < 1.21.13
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T14:53:11.947866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T14:53:26.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fields",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.21.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-26T21:27:01.168Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166"
            }
          ],
          "source": {
            "advisory": "GHSA-wwxw-64g6-2992",
            "discovery": "UNKNOWN"
          },
          "title": "Fields GLPI plugin has an Authenticated SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-45600",
        "datePublished": "2024-12-26T21:27:01.168Z",
        "dateReserved": "2024-09-02T16:00:02.423Z",
        "dateUpdated": "2024-12-30T14:53:26.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33971 (GCVE-0-2023-33971)

    Vulnerability from nvd – Published: 2023-05-31 17:56 – Updated: 2025-01-09 20:20
    VLAI
    Title
    Formcreator vulnerable to stored XSS from ##FULLFORM##
    Summary
    Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI formcreator Affected: <= 2.13.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:14.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33971",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T20:20:29.619837Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T20:20:40.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "formcreator",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 2.13.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `\u003c \u003e \"` in all fields."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-31T17:56:18.413Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g"
            }
          ],
          "source": {
            "advisory": "GHSA-777g-3848-8r3g",
            "discovery": "UNKNOWN"
          },
          "title": "Formcreator vulnerable to stored XSS from ##FULLFORM##"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-33971",
        "datePublished": "2023-05-31T17:56:18.413Z",
        "dateReserved": "2023-05-24T13:46:35.954Z",
        "dateUpdated": "2025-01-09T20:20:40.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29006 (GCVE-0-2023-29006)

    Vulnerability from nvd – Published: 2023-04-05 17:53 – Updated: 2025-02-10 15:23
    VLAI
    Title
    Order GLPI plugin vulnerable to remote code execution from authenticated user
    Summary
    The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI order Affected: >= 1.8.0, < 2.7.7
    Affected: >= 2.10.0, < 2.10.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:14.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"
              },
              {
                "name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29006",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T15:23:31.220646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-10T15:23:39.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "order",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.0, \u003c 2.7.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.10.0, \u003c 2.10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T17:53:03.041Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"
            },
            {
              "name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"
            }
          ],
          "source": {
            "advisory": "GHSA-xfx2-qx2r-3wwm",
            "discovery": "UNKNOWN"
          },
          "title": "Order GLPI plugin vulnerable to remote code execution from authenticated user"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-29006",
        "datePublished": "2023-04-05T17:53:03.041Z",
        "dateReserved": "2023-03-29T17:39:16.142Z",
        "dateUpdated": "2025-02-10T15:23:39.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28855 (GCVE-0-2023-28855)

    Vulnerability from nvd – Published: 2023-04-05 17:48 – Updated: 2025-02-10 16:27
    VLAI
    Title
    Fields GLPI plugin vulnerable to unauthorized write access to additional fields
    Summary
    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    pluginsGLPI fields Affected: < 1.13.1
    Affected: >= 1.20.0, < 1.20.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
              },
              {
                "name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
              },
              {
                "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
              },
              {
                "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28855",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T16:27:27.665693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-10T16:27:40.112Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fields",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.20.0, \u003c 1.20.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T17:48:22.384Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
            }
          ],
          "source": {
            "advisory": "GHSA-52vv-hm4x-8584",
            "discovery": "UNKNOWN"
          },
          "title": "Fields GLPI plugin vulnerable to unauthorized write access to additional fields"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-28855",
        "datePublished": "2023-04-05T17:48:22.384Z",
        "dateReserved": "2023-03-24T16:25:34.468Z",
        "dateUpdated": "2025-02-10T16:27:40.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39190 (GCVE-0-2021-39190)

    Vulnerability from nvd – Published: 2022-09-22 16:30 – Updated: 2025-04-23 16:56
    VLAI
    Title
    SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
    Summary
    The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI sccm Affected: < 2.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:18.169Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-39190",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T15:51:15.454232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T16:56:34.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "sccm",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-22T16:30:15.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e"
            }
          ],
          "source": {
            "advisory": "GHSA-3324-57w6-jxcq",
            "discovery": "UNKNOWN"
          },
          "title": "SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-39190",
              "STATE": "PUBLIC",
              "TITLE": "SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "sccm",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "pluginsGLPI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq"
                },
                {
                  "name": "https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e",
                  "refsource": "MISC",
                  "url": "https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-3324-57w6-jxcq",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-39190",
        "datePublished": "2022-09-22T16:30:15.000Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2025-04-23T16:56:34.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43779 (GCVE-0-2021-43779)

    Vulnerability from nvd – Published: 2022-01-05 18:45 – Updated: 2025-09-08 15:33
    VLAI
    Title
    Remote Command Execution vulnerability
    Summary
    GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    pluginsGLPI addressing Affected: < 2.9.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-09-08T15:33:16.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/hansmach1ne/CVE-portfolio/tree/main/CVE-2021-43779"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43779",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T15:42:30.567643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T18:34:23.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "addressing",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.9.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions \u003c 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server\u0027s underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T18:00:25.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin"
            }
          ],
          "source": {
            "advisory": "GHSA-q5fp-xpr8-77jh",
            "discovery": "UNKNOWN"
          },
          "title": "Remote Command Execution vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-43779",
              "STATE": "PUBLIC",
              "TITLE": "Remote Command Execution vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "addressing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "pluginsGLPI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions \u003c 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server\u0027s underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh"
                },
                {
                  "name": "https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366",
                  "refsource": "MISC",
                  "url": "https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366"
                },
                {
                  "name": "https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin",
                  "refsource": "MISC",
                  "url": "https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-q5fp-xpr8-77jh",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-43779",
        "datePublished": "2022-01-05T18:45:11.000Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2025-09-08T15:33:16.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43778 (GCVE-0-2021-43778)

    Vulnerability from nvd – Published: 2021-11-24 18:50 – Updated: 2025-09-08 15:26
    VLAI Shadowserver KEVIntel
    Title
    Path traversal in GLPI barcode plugin
    Summary
    Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    pluginsGLPI barcode Affected: >= 2.0.0, < 2.6.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-09-08T15:26:50.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/hansmach1ne/CVE-portfolio/tree/main/CVE-2021-43778"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "barcode",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-24T18:50:10.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1"
            }
          ],
          "source": {
            "advisory": "GHSA-2pjh-h828-wcw9",
            "discovery": "UNKNOWN"
          },
          "title": "Path traversal in GLPI barcode plugin",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-43778",
              "STATE": "PUBLIC",
              "TITLE": "Path traversal in GLPI barcode plugin"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "barcode",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 2.0.0, \u003c 2.6.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "pluginsGLPI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9"
                },
                {
                  "name": "https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46",
                  "refsource": "MISC",
                  "url": "https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46"
                },
                {
                  "name": "https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin",
                  "refsource": "MISC",
                  "url": "https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin"
                },
                {
                  "name": "https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1",
                  "refsource": "MISC",
                  "url": "https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-2pjh-h828-wcw9",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-43778",
        "datePublished": "2021-11-24T18:50:10.000Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2025-09-08T15:26:50.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-11321 (GCVE-0-2026-11321)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:53 – Updated: 2026-07-14 13:45
    VLAI
    Title
    GLPI DataInjection Plugin Authenticated SQL Injection via CSV Import
    Summary
    The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embed SQL expressions such as SLEEP() in a mapped field (for example Serial Number) to manipulate the generated query and extract database information via time-based blind injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    pluginsGLPI datainjection Affected: 2.15.6 , < 2.15.7 (semver)
    Create a notification for this product.
    Date Public
    2026-07-10 00:00
    Credits
    ryukk33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11321",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:45:06.439200Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T13:45:32.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "datainjection",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "lessThan": "2.15.7",
                  "status": "affected",
                  "version": "2.15.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ryukk33"
            }
          ],
          "datePublic": "2026-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embed SQL expressions such as SLEEP() in a mapped field (for example Serial Number) to manipulate the generated query and extract database information via time-based blind injection."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:56:01.882Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory GHSA-57qv-j6r6-pcc4",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/pluginsGLPI/datainjection/security/advisories/GHSA-57qv-j6r6-pcc4"
            },
            {
              "name": "DataInjection 2.15.7 Release",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pluginsGLPI/datainjection/releases/tag/2.15.7"
            },
            {
              "name": "Product",
              "tags": [
                "product"
              ],
              "url": "https://github.com/pluginsGLPI/datainjection"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/glpi-datainjection-plugin-authenticated-sql-injection-via-csv-import"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GLPI DataInjection Plugin Authenticated SQL Injection via CSV Import",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-11321",
        "datePublished": "2026-07-10T18:53:56.004Z",
        "dateReserved": "2026-06-04T20:57:26.934Z",
        "dateUpdated": "2026-07-14T13:45:32.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53987 (GCVE-0-2026-53987)

    Vulnerability from cvelistv5 – Published: 2026-07-09 15:44 – Updated: 2026-07-10 15:37
    VLAI
    Title
    GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering
    Summary
    The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Tag plugin GLPI 11 Affected: 2.6.0 , < 2.14.4 (semver)
    Create a notification for this product.
    Date Public
    2026-07-09 00:00
    Credits
    chapochapo
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53987",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T17:48:51.132634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T17:49:14.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GLPI 11",
              "vendor": "Tag plugin",
              "versions": [
                {
                  "lessThan": "2.14.4",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "chapochapo"
            }
          ],
          "datePublic": "2026-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T15:37:52.045Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory GHSA-6rpj-89c7-x2mh",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/pluginsGLPI/tag/security/advisories/GHSA-6rpj-89c7-x2mh"
            },
            {
              "name": "Tag Plugin 2.14.4 Release",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pluginsGLPI/tag/releases/tag/2.14.4"
            },
            {
              "name": "Product",
              "tags": [
                "product"
              ],
              "url": "https://github.com/pluginsGLPI/tag"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pluginsGLPI/tag/commit/49e6b6eb5f83bcd84139a5e5ec54c0ddd14acc90"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-53987",
        "datePublished": "2026-07-09T15:44:04.474Z",
        "dateReserved": "2026-06-11T16:07:13.001Z",
        "dateUpdated": "2026-07-10T15:37:52.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23489 (GCVE-0-2026-23489)

    Vulnerability from cvelistv5 – Published: 2026-03-16 17:12 – Updated: 2026-03-16 17:51
    VLAI
    Title
    Fields GLPI plugin vulnerable to RCE in dropdown generation
    Summary
    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI fields Affected: < 1.23.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T17:46:27.792352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T17:51:31.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fields",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.23.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T17:12:43.964Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.23.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.23.3"
            }
          ],
          "source": {
            "advisory": "GHSA-rj7q-mmx9-fhq7",
            "discovery": "UNKNOWN"
          },
          "title": "Fields GLPI plugin vulnerable to RCE in dropdown generation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-23489",
        "datePublished": "2026-03-16T17:12:43.964Z",
        "dateReserved": "2026-01-13T15:47:41.628Z",
        "dateUpdated": "2026-03-16T17:51:31.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22821 (GCVE-0-2026-22821)

    Vulnerability from cvelistv5 – Published: 2026-02-12 18:43 – Updated: 2026-02-12 19:31
    VLAI
    Title
    mreporting affected by a SQLI on date change
    Summary
    mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI mreporting Affected: < 1.9.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22821",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-12T19:25:10.709903Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-12T19:31:55.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mreporting",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.9.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T18:43:59.249Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/mreporting/security/advisories/GHSA-24q7-h59q-33w8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/mreporting/security/advisories/GHSA-24q7-h59q-33w8"
            },
            {
              "name": "https://github.com/pluginsGLPI/mreporting/commit/6f4a3caf9c1f7bbed1d910795d6e918d039f1f72",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/mreporting/commit/6f4a3caf9c1f7bbed1d910795d6e918d039f1f72"
            }
          ],
          "source": {
            "advisory": "GHSA-24q7-h59q-33w8",
            "discovery": "UNKNOWN"
          },
          "title": "mreporting affected by a SQLI on date change"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-22821",
        "datePublished": "2026-02-12T18:43:59.249Z",
        "dateReserved": "2026-01-09T22:50:10.289Z",
        "dateUpdated": "2026-02-12T19:31:55.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-65035 (GCVE-0-2025-65035)

    Vulnerability from cvelistv5 – Published: 2025-12-19 16:35 – Updated: 2025-12-19 18:00
    VLAI
    Title
    GLPI Database Inventory Plugin Vulnerable to Stored Object Injection
    Summary
    pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration), user-controlled data is stored insecurely in the database via computergroup, and is later unserialized on every page load, allowing arbitrary PHP object instantiation. Version 1.1.2 fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-65035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:24:10.147346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T18:00:25.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "databaseinventory",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.1.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pluginsGLPI\u0027s Database Inventory Plugin \"manages\" the Teclib\u0027 inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration), user-controlled data is stored insecurely in the database via computergroup, and is later unserialized on every page load, allowing arbitrary PHP object instantiation. Version 1.1.2 fixes the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T16:35:56.944Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-xc3r-32rx-3j4j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-xc3r-32rx-3j4j"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/commit/08c7055d2c5fc744cb092d7d56a608e359c56f1a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/commit/08c7055d2c5fc744cb092d7d56a608e359c56f1a"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/blob/1.1.2/CHANGELOG.md#112---2025-11-25",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/blob/1.1.2/CHANGELOG.md#112---2025-11-25"
            }
          ],
          "source": {
            "advisory": "GHSA-xc3r-32rx-3j4j",
            "discovery": "UNKNOWN"
          },
          "title": "GLPI Database Inventory Plugin Vulnerable to Stored Object Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-65035",
        "datePublished": "2025-12-19T16:35:56.944Z",
        "dateReserved": "2025-11-13T15:36:51.684Z",
        "dateUpdated": "2025-12-19T18:00:25.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53360 (GCVE-0-2025-53360)

    Vulnerability from cvelistv5 – Published: 2025-11-18 16:12 – Updated: 2025-11-18 18:22
    VLAI
    Title
    pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests
    Summary
    pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T18:22:19.644618Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T18:22:25.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "databaseinventory",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pluginsGLPI\u0027s Database Inventory Plugin \"manages\" the Teclib\u0027 inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T16:12:15.116Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e"
            },
            {
              "name": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269"
            }
          ],
          "source": {
            "advisory": "GHSA-5j5j-xr62-jr58",
            "discovery": "UNKNOWN"
          },
          "title": "pluginsGLPI\u0027s Database Inventory Plugin allows any authenticated user to send agent requests"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-53360",
        "datePublished": "2025-11-18T16:12:15.116Z",
        "dateReserved": "2025-06-27T12:57:16.121Z",
        "dateUpdated": "2025-11-18T18:22:25.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27153 (GCVE-0-2025-27153)

    Vulnerability from cvelistv5 – Published: 2025-07-01 18:27 – Updated: 2025-07-01 19:35
    VLAI
    Title
    Escalade GLPI Plugin Vulnerable to Improper Access Control
    Summary
    Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI escalade Affected: < 2.9.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27153",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-01T19:34:37.266649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-01T19:35:43.790Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "escalade",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.9.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-01T18:27:50.677Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9"
            },
            {
              "name": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11"
            }
          ],
          "source": {
            "advisory": "GHSA-pvqv-8r3r-47m9",
            "discovery": "UNKNOWN"
          },
          "title": "Escalade GLPI Plugin Vulnerable to Improper Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27153",
        "datePublished": "2025-07-01T18:27:50.677Z",
        "dateReserved": "2025-02-19T16:30:47.780Z",
        "dateUpdated": "2025-07-01T19:35:43.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-53850 (GCVE-0-2024-53850)

    Vulnerability from cvelistv5 – Published: 2024-12-26 21:41 – Updated: 2024-12-27 16:18
    VLAI
    Title
    The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation
    Summary
    The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI addressing Affected: >= 3.0.0 < 3.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-53850",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-27T16:18:33.280505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-27T16:18:41.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "addressing",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0 \u003c 3.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-26T21:41:55.270Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-fw42-79gw-7qr9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-fw42-79gw-7qr9"
            },
            {
              "name": "https://github.com/pluginsGLPI/addressing/commit/b334187a99206abbd7d0bc84f720b0a6e69e92f0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/addressing/commit/b334187a99206abbd7d0bc84f720b0a6e69e92f0"
            }
          ],
          "source": {
            "advisory": "GHSA-fw42-79gw-7qr9",
            "discovery": "UNKNOWN"
          },
          "title": "The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-53850",
        "datePublished": "2024-12-26T21:41:55.270Z",
        "dateReserved": "2024-11-22T17:30:02.140Z",
        "dateUpdated": "2024-12-27T16:18:41.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45600 (GCVE-0-2024-45600)

    Vulnerability from cvelistv5 – Published: 2024-12-26 21:27 – Updated: 2024-12-30 14:53
    VLAI
    Title
    Fields GLPI plugin has an Authenticated SQL Injection
    Summary
    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI fields Affected: < 1.21.13
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T14:53:11.947866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T14:53:26.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fields",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.21.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-26T21:27:01.168Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166"
            }
          ],
          "source": {
            "advisory": "GHSA-wwxw-64g6-2992",
            "discovery": "UNKNOWN"
          },
          "title": "Fields GLPI plugin has an Authenticated SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-45600",
        "datePublished": "2024-12-26T21:27:01.168Z",
        "dateReserved": "2024-09-02T16:00:02.423Z",
        "dateUpdated": "2024-12-30T14:53:26.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33971 (GCVE-0-2023-33971)

    Vulnerability from cvelistv5 – Published: 2023-05-31 17:56 – Updated: 2025-01-09 20:20
    VLAI
    Title
    Formcreator vulnerable to stored XSS from ##FULLFORM##
    Summary
    Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI formcreator Affected: <= 2.13.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:14.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33971",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T20:20:29.619837Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T20:20:40.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "formcreator",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 2.13.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `\u003c \u003e \"` in all fields."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-31T17:56:18.413Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g"
            }
          ],
          "source": {
            "advisory": "GHSA-777g-3848-8r3g",
            "discovery": "UNKNOWN"
          },
          "title": "Formcreator vulnerable to stored XSS from ##FULLFORM##"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-33971",
        "datePublished": "2023-05-31T17:56:18.413Z",
        "dateReserved": "2023-05-24T13:46:35.954Z",
        "dateUpdated": "2025-01-09T20:20:40.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29006 (GCVE-0-2023-29006)

    Vulnerability from cvelistv5 – Published: 2023-04-05 17:53 – Updated: 2025-02-10 15:23
    VLAI
    Title
    Order GLPI plugin vulnerable to remote code execution from authenticated user
    Summary
    The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI order Affected: >= 1.8.0, < 2.7.7
    Affected: >= 2.10.0, < 2.10.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:14.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"
              },
              {
                "name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29006",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T15:23:31.220646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-10T15:23:39.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "order",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.0, \u003c 2.7.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.10.0, \u003c 2.10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T17:53:03.041Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"
            },
            {
              "name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"
            }
          ],
          "source": {
            "advisory": "GHSA-xfx2-qx2r-3wwm",
            "discovery": "UNKNOWN"
          },
          "title": "Order GLPI plugin vulnerable to remote code execution from authenticated user"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-29006",
        "datePublished": "2023-04-05T17:53:03.041Z",
        "dateReserved": "2023-03-29T17:39:16.142Z",
        "dateUpdated": "2025-02-10T15:23:39.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28855 (GCVE-0-2023-28855)

    Vulnerability from cvelistv5 – Published: 2023-04-05 17:48 – Updated: 2025-02-10 16:27
    VLAI
    Title
    Fields GLPI plugin vulnerable to unauthorized write access to additional fields
    Summary
    Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    pluginsGLPI fields Affected: < 1.13.1
    Affected: >= 1.20.0, < 1.20.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
              },
              {
                "name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
              },
              {
                "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
              },
              {
                "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28855",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T16:27:27.665693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-10T16:27:40.112Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fields",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.20.0, \u003c 1.20.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T17:48:22.384Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
            },
            {
              "name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
            }
          ],
          "source": {
            "advisory": "GHSA-52vv-hm4x-8584",
            "discovery": "UNKNOWN"
          },
          "title": "Fields GLPI plugin vulnerable to unauthorized write access to additional fields"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-28855",
        "datePublished": "2023-04-05T17:48:22.384Z",
        "dateReserved": "2023-03-24T16:25:34.468Z",
        "dateUpdated": "2025-02-10T16:27:40.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39190 (GCVE-0-2021-39190)

    Vulnerability from cvelistv5 – Published: 2022-09-22 16:30 – Updated: 2025-04-23 16:56
    VLAI
    Title
    SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
    Summary
    The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    pluginsGLPI sccm Affected: < 2.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:18.169Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-39190",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T15:51:15.454232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T16:56:34.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "sccm",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-22T16:30:15.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e"
            }
          ],
          "source": {
            "advisory": "GHSA-3324-57w6-jxcq",
            "discovery": "UNKNOWN"
          },
          "title": "SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-39190",
              "STATE": "PUBLIC",
              "TITLE": "SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "sccm",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "pluginsGLPI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq"
                },
                {
                  "name": "https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e",
                  "refsource": "MISC",
                  "url": "https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-3324-57w6-jxcq",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-39190",
        "datePublished": "2022-09-22T16:30:15.000Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2025-04-23T16:56:34.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43779 (GCVE-0-2021-43779)

    Vulnerability from cvelistv5 – Published: 2022-01-05 18:45 – Updated: 2025-09-08 15:33
    VLAI
    Title
    Remote Command Execution vulnerability
    Summary
    GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    pluginsGLPI addressing Affected: < 2.9.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-09-08T15:33:16.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/hansmach1ne/CVE-portfolio/tree/main/CVE-2021-43779"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43779",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T15:42:30.567643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T18:34:23.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "addressing",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.9.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions \u003c 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server\u0027s underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T18:00:25.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin"
            }
          ],
          "source": {
            "advisory": "GHSA-q5fp-xpr8-77jh",
            "discovery": "UNKNOWN"
          },
          "title": "Remote Command Execution vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-43779",
              "STATE": "PUBLIC",
              "TITLE": "Remote Command Execution vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "addressing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "pluginsGLPI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions \u003c 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server\u0027s underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh"
                },
                {
                  "name": "https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366",
                  "refsource": "MISC",
                  "url": "https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366"
                },
                {
                  "name": "https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin",
                  "refsource": "MISC",
                  "url": "https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-q5fp-xpr8-77jh",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-43779",
        "datePublished": "2022-01-05T18:45:11.000Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2025-09-08T15:33:16.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43778 (GCVE-0-2021-43778)

    Vulnerability from cvelistv5 – Published: 2021-11-24 18:50 – Updated: 2025-09-08 15:26
    VLAI Shadowserver KEVIntel
    Title
    Path traversal in GLPI barcode plugin
    Summary
    Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    pluginsGLPI barcode Affected: >= 2.0.0, < 2.6.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-09-08T15:26:50.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/hansmach1ne/CVE-portfolio/tree/main/CVE-2021-43778"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "barcode",
              "vendor": "pluginsGLPI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-24T18:50:10.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1"
            }
          ],
          "source": {
            "advisory": "GHSA-2pjh-h828-wcw9",
            "discovery": "UNKNOWN"
          },
          "title": "Path traversal in GLPI barcode plugin",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-43778",
              "STATE": "PUBLIC",
              "TITLE": "Path traversal in GLPI barcode plugin"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "barcode",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 2.0.0, \u003c 2.6.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "pluginsGLPI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/pluginsGLPI/barcode/security/advisories/GHSA-2pjh-h828-wcw9"
                },
                {
                  "name": "https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46",
                  "refsource": "MISC",
                  "url": "https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46"
                },
                {
                  "name": "https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin",
                  "refsource": "MISC",
                  "url": "https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin"
                },
                {
                  "name": "https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1",
                  "refsource": "MISC",
                  "url": "https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-2pjh-h828-wcw9",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-43778",
        "datePublished": "2021-11-24T18:50:10.000Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2025-09-08T15:26:50.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }