Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests
Vulnerability Description
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
Database inventory plugin 访问控制错误漏洞
Vulnerability Description
Database inventory plugin是GLPI Project Plugins开源的一个数据库管理插件。 Database inventory plugin 1.0.3之前版本存在访问控制错误漏洞,该漏洞源于任何经过身份验证的用户都可以向代理发送请求。
CVSS Information
N/A
Vulnerability Type
N/A