Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
weak CSRF tokens in GLPI
Vulnerability Description
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
Teclib GLPI 加密问题漏洞
Vulnerability Description
Teclib GLPI是法国Teclib公司的一套开源的IT资产管理套件。该套件包含设备状态管理、资产清单存储、管理流程和工作日志管理等功能。 Teclib GLPI 0.83.3之后版本(9.4.6版本已修复)中存在加密问题漏洞,该漏洞源于不安全的加密算法。远程攻击者可利用该漏洞在网站上执行任意操作。
CVSS Information
N/A
Vulnerability Type
N/A