Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GLPI vulnerable to account takeover without privilege escalation through the API
Vulnerability Description
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
GLPI 访问控制错误漏洞
Vulnerability Description
GLPI是GLPI开源的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI存在访问控制错误漏洞,该漏洞源于经过身份验证的用户可以使用API来控制任何拥有相同或较低权限级别的用户。
CVSS Information
N/A
Vulnerability Type
N/A