CVE-2019-10477
HIGHFusionInventory <1.4 - GLPI 9.3.x,9.4.x Info Disclosure
Title source: llmDescription
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.
References (5)
Core 5
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.4%2B1.1
Product, Third Party Advisory x_refsource_misc
https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.3%2B1.4
Patch, Third Party Advisory x_refsource_misc
https://github.com/fusioninventory/fusioninventory-for-glpi/commit/0f777f85773b18f5252e79afa1929fcdc4858c3a
Patch, Third Party Advisory x_refsource_misc
https://github.com/fusioninventory/fusioninventory-for-glpi/compare/cec774a...baa4158
Patch, Third Party Advisory x_refsource_misc
https://github.com/fusioninventory/fusioninventory-for-glpi/compare/260a864...e1f776d
Scores
CVSS v3
7.5
EPSS
0.0179
EPSS Percentile
75.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-19
Status
published
Products (1)
fusioninventory/fusioninventory
< 1.4
Published
Mar 29, 2019
Tracked Since
Feb 18, 2026