CVE-2023-53943
MEDIUM
GLPI 9.5.7 - Info Disclosure
Title source: llm
Description
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.
Exploits (1)
Scores
CVSS v3: 5.3
EPSS: 0.0006
EPSS Percentile: 19.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-203
Status: published
Products (2)
glpi-project/glpi: 9.5.7
Glpi-Project/GLPI: 9.5.7
Published: Dec 18, 2025
Tracked Since: Feb 18, 2026