The Dashboard plugin up to and including 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
glpi-project dashboard |