Teclib Edition

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-25937 1Teclib Edition 1Glpi Mar 23, 2026 Mar 18, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11...Show more GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.Show less
CVE-2026-25936 1Teclib Edition 1Glpi Mar 19, 2026 Mar 17, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.
CVE-2026-23489 1Teclib Edition 1Fields Mar 18, 2026 Mar 16, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has be...Show more Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.Show less
CVE-2026-22248 1Teclib Edition 1Glpi Mar 20, 2026 Mar 11, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload...Show more GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.Show less
CVE-2023-33971 1Teclib Edition 1Form Creator Nov 21, 2024 May 31, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and...Show more Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields.Show less
CVE-2023-28855 1Teclib Edition 1Fields Nov 21, 2024 Apr 5, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, i...Show more Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.Show less
CVE-2021-39190 1Teclib Edition 1System Center Configuration Manager Nov 21, 2024 Sep 22, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in versio...Show more The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.Show less
CVE-2021-43779 1Teclib Edition 1Addressing Sep 8, 2025 Jan 5, 2022 N/A· v4 9.9 CRITICAL· v3 9.0 HIGH· v2 GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to...Show more GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.Show less
CVE-2019-12724 1Teclib Edition 1News Nov 21, 2024 Jul 10, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.
CVE-2019-12723 1Teclib Edition 1Fields Nov 21, 2024 Jul 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
CVE-2019-10232 1Teclib Edition 1Gestionnaire Libre De Parc Informatique Nov 21, 2024 Mar 27, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
CVE-2019-10231 1Teclib Edition 1Gestionnaire Libre De Parc Informatique Nov 21, 2024 Mar 27, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
CVE-2018-7289 1Teclib Edition 1Armadito Antivirus Nov 21, 2024 Feb 21, 2018 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file...Show more An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.Show less