2 matches found
PT-2021-22463 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.6 Description: The issue affects the autologin cookie used when the "remember me" feature is enabled, making it accessible to scripts. A malicious plugin could exploit this to steal the cookie and use it for...
PT-2021-22465 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1 through 9.5.6 Description: GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. Thi...