The vulnerability of the GLPI system’s handling of requests and incidents is related to improper cancellation of input data during the generation of web pages. This allows a malicious user to gain unauthorized access to GLPI administrator’s cookie files.
The vulnerability of the GLPI request and incident handling system lies in the fact that the registration key is not properly encrypted on the configuration page for the registration key. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the...