Filtered by vendor Glpi-project
Subscriptions
Filtered by product Glpi Inventory
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31082 | 1 Glpi-project | 1 Glpi Inventory | 2024-11-21 | 5.8 Medium |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. | ||||
| CVE-2022-31062 | 1 Glpi-project | 1 Glpi Inventory | 2024-11-21 | 5.3 Medium |
| ### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used. | ||||
Page 1 of 1.