| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-9258 | 6.5 |
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
|
18-04-2015 - 01:59 | 19-12-2014 - 15:59 | |
| CVE-2014-8360 | 7.5 |
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the
|
15-04-2015 - 15:21 | 14-04-2015 - 18:59 | |
| CVE-2014-5032 | 5.0 |
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
|
15-04-2015 - 15:19 | 14-04-2015 - 18:59 |