FreeBSD : glpi-project — GLPI multiple vulnerabilities (c36decbe-3c84-11f0-8d29-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c36decbe-3c84-11f0-8d29-b42e991fc52e advisory. security-advisories@github.com reports: CVE-2024-11955: A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component. CVE-2025-23024: Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file. CVE-2025-23046: Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file. CVE-2025-25192: Starting in version 9.5.0 and prior to version 10.0.18, if a…Read More