CVE-2019-10231
CRITICALTeclib-edition Gestionnaire Libre DE ... - Type Confusion
Title source: ruleDescription
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/pull/5520
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/releases/tag/9.4.1.1
Scores
CVSS v3
9.8
EPSS
0.0049
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
Status
published
Products (1)
teclib-edition/gestionnaire_libre_de_parc_informatique
< 9.4.1.1
Published
Mar 27, 2019
Tracked Since
Feb 18, 2026