CVE-2011-2720

GLPI < 0.80.2 - Exposure of Sensitive Information via Autocompletion

Title source: llm
STIX 2.1

Description

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

References (21)

Core 21
Core References
Issue Tracking x_refsource_confirm
https://forge.indepnet.net/issues/3017
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45542
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/26/11
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/25/7
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:014
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48884
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45366
Various Sources x_refsource_confirm
https://forge.indepnet.net/projects/glpi/versions/605

Scores

EPSS 0.0102
EPSS Percentile 77.5%

Details

CWE
CWE-200
Status published
Products (31)
glpi-project/glpi 0.5 (3 CPE variants)
glpi-project/glpi 0.6 (4 CPE variants)
glpi-project/glpi 0.42
glpi-project/glpi 0.51
glpi-project/glpi 0.51a
glpi-project/glpi 0.65 (3 CPE variants)
glpi-project/glpi 0.68 (4 CPE variants)
glpi-project/glpi 0.68.1
glpi-project/glpi 0.68.2
glpi-project/glpi 0.68.3
... and 21 more
Published Aug 05, 2011
Tracked Since Feb 18, 2026