CVE-2019-10231
CRITICALTeclib GLPI < 9.4.1.1 - Authentication Bypass via PHP Type Juggling in Auth::checkPassword()
Title source: llmDescription
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/pull/5520
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/releases/tag/9.4.1.1
Scores
CVSS v3
9.8
EPSS
0.0209
EPSS Percentile
79.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
Status
published
Products (1)
teclib-edition/gestionnaire_libre_de_parc_informatique
< 9.4.1.1
Published
Mar 27, 2019
Tracked Since
Feb 18, 2026