An issue exists in GLPI prior to 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
glpi-project glpi |