Skip to main content

Gestionnaire Libre De Parc Informatique

2 CVEs product

Monthly

CVE-2019-10232 CRITICAL POC PATCH THREAT Act Now

Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gestionnaire Libre De Parc Informatique
NVD GitHub
CVSS 3.0
9.8
EPSS
23.2%
CVE-2019-10231 CRITICAL PATCH Act Now

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Authentication Bypass PHP Memory Corruption Gestionnaire Libre De Parc Informatique
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
EPSS 23% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gestionnaire Libre De Parc Informatique
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Authentication Bypass PHP Memory Corruption +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy