The autocompletion functionality in GLPI prior to 0.80.2 does not blacklist certain username and password fields, which allows remote malicious users to obtain sensitive information via a crafted POST request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
glpi-project glpi |
||
glpi-project glpi 0.80 |
||
glpi-project glpi 0.72.4 |
||
glpi-project glpi 0.72.3 |
||
glpi-project glpi 0.72.2 |
||
glpi-project glpi 0.71.5 |
||
glpi-project glpi 0.71.4 |
||
glpi-project glpi 0.71.1 |
||
glpi-project glpi 0.78.1 |
||
glpi-project glpi 0.78 |
||
glpi-project glpi 0.72 |
||
glpi-project glpi 0.70 |
||
glpi-project glpi 0.68.3 |
||
glpi-project glpi 0.68.2 |
||
glpi-project glpi 0.65 |
||
glpi-project glpi 0.5 |
||
glpi-project glpi 0.78.3 |
||
glpi-project glpi 0.78.2 |
||
glpi-project glpi 0.71.6 |
||
glpi-project glpi 0.71 |
||
glpi-project glpi 0.68 |
||
glpi-project glpi 0.51a |
||
glpi-project glpi 0.51 |
||
glpi-project glpi 0.78.5 |
||
glpi-project glpi 0.78.4 |
||
glpi-project glpi 0.72.1 |
||
glpi-project glpi 0.71.3 |
||
glpi-project glpi 0.71.2 |
||
glpi-project glpi 0.70.1 |
||
glpi-project glpi 0.6 |
||
glpi-project glpi 0.70.2 |
||
glpi-project glpi 0.68.1 |
||
glpi-project glpi 0.42 |