Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: glpi-agent

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-25937
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 5 days, 14 hours ago
GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.

References

Affected products

glpi
  • ==>= 11.0.0, < 11.0.6

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-25936
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 5 days, 14 hours ago
GLPI Vulnerable to Authenticated SQL Injection

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.

References

Affected products

glpi
  • ==>= 11.0.0, < 11.0.6

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-22248
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 week, 3 days ago
GLPI affected by Remote Code Execution via malicious upload

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.

References

Affected products

glpi
  • ==>= 11.0.0, < 11.0.5

Matching in nixpkgs

Package maintainers

Permalink CVE-2013-2227
created 1 month ago
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.

GLPI 0.83.7 has Local File Inclusion in common.tabs.php.

References

Affected products

GLPI
  • ==0.83.7

Matching in nixpkgs

Package maintainers