Refine your search
2 vulnerabilities found for by glpi-project
CVE-2025-32786 (GCVE-0-2025-32786)
Vulnerability from cvelistv5
Published
2025-11-04 20:18
Modified
2025-11-05 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| glpi-project | glpi-inventory-plugin |
Version: < 1.5.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T20:42:43.006662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T18:48:29.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "glpi-inventory-plugin",
"vendor": "glpi-project",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T20:18:43.581Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-w2cp-r675-6xpq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-w2cp-r675-6xpq"
},
{
"name": "https://github.com/glpi-project/glpi-inventory-plugin/blob/1.5.1/CHANGELOG.md",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/glpi-project/glpi-inventory-plugin/blob/1.5.1/CHANGELOG.md"
},
{
"name": "https://github.com/glpi-project/glpi-inventory-plugin/releases/tag/1.5.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/glpi-project/glpi-inventory-plugin/releases/tag/1.5.1"
}
],
"source": {
"advisory": "GHSA-w2cp-r675-6xpq",
"discovery": "UNKNOWN"
},
"title": "GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32786",
"datePublished": "2025-11-04T20:18:43.581Z",
"dateReserved": "2025-04-10T12:51:12.280Z",
"dateUpdated": "2025-11-05T18:48:29.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-35914 (GCVE-0-2022-35914)
Vulnerability from cvelistv5
Published
2022-09-19 00:00
Modified
2025-10-21 23:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?\u0026Sfs=htmLawedTest.php\u0026Sl=.%2Finternal_utilities%2FhtmLawed"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/glpi-project/glpi/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://glpi-project.org/fr/glpi-10-0-3-disponible/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-35914",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:21:19.269071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-03-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-35914"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:35.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-35914"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-07T00:00:00+00:00",
"value": "CVE-2022-35914 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T19:34:04.621Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?\u0026Sfs=htmLawedTest.php\u0026Sl=.%2Finternal_utilities%2FhtmLawed"
},
{
"url": "https://github.com/glpi-project/glpi/releases"
},
{
"url": "https://glpi-project.org/fr/glpi-10-0-3-disponible/"
},
{
"url": "http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html"
},
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository/"
},
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/POC_2022-35914.sh"
},
{
"url": "https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35914",
"datePublished": "2022-09-19T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:35.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}