CVE-2011-2720

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.5:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.6:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.6:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.6:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.42:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.51:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.51a:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.65:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.65:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.65:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68.3:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.1:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.1:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.1:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.3:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.4:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.5:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.6:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72.3:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72.4:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.3:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.4:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.5:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.80:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-08-05 21:55

Updated : 2024-02-28 11:41


NVD link : CVE-2011-2720

Mitre link : CVE-2011-2720

CVE.ORG link : CVE-2011-2720


JSON object : View

Products Affected

glpi-project

  • glpi
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor