← volver
CVE-2011-2720

CVE-2011-2720

EPSS 2.9%
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=726185http://secunia.com/advisories/45366http://secunia.com/advisories/45542https://forge.indepnet.net/issues/3017https://forge.indepnet.net/projects/glpi/repository/revisions/14951https://forge.indepnet.net/projects/glpi/repository/revisions/14952https://forge.indepnet.net/projects/glpi/repository/revisions/14954https://forge.indepnet.net/projects/glpi/repository/revisions/14955https://forge.indepnet.net/projects/glpi/repository/revisions/14956https://forge.indepnet.net/projects/glpi/repository/revisions/14957