The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2011-08-05T21:00:00
Updated: 2024-08-06T23:08:23.791Z
Reserved: 2011-07-11T00:00:00
Link: CVE-2011-2720
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-08-05T21:55:06.107
Modified: 2024-11-21T01:28:49.787
Link: CVE-2011-2720
Redhat
No data.