4 matches found
CVE-2023-28632
creationtimestamp| type| source ---|---|--- 2023-04-05 18:40:08+00:00| seen| https://t.me/cibsecurity/61461...
CVE-2023-28632
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user c...
CVE-2023-28632
Summary (CVE-2023-28632 in GLPI): An authenticated user can modify any user’s email via the forgotten password flow, enabling possible account takeover and access to sensitive notifications. Affected versions are GLPI 0.83 up to 9.5.12/10.0.6 before patches were released; versions 9.5.13 and 10.0...
CVE-2023-28632 GLPI vulnerable to account takeover by authenticated user
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user c...