CVE-2015-7685

CVE-2015-7685

EPSS 1.7%

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2015/Feb/71 https://forge.glpi-project.org/issues/5218 http://www.glpi-project.org/spip.php?page=annonce&id_breve=338